2006-04-13 18:47:05

by Christopher Smith

[permalink] [raw]
Subject: NFSv3/4 and Kerberos.

Folks--

I'm working on doing some testing of NFSv3 and NFSv4, and I'm running
into the following error (shown from rpc.gssd -vvv -f):

rpcsec_gss: xdr_rpc_gss_init_args: encode success (token 0x9e7b550:531)
rpcsec_gss: in authgss_refresh()
rpcsec_gss: gss_init_sec_context: A token was invalid - No error
rpcsec_gss: in authgss_destroy()
rpcsec_gss: in authgss_destroy_context()
WARNING: Failed to create krb5 context for user with uid 0 for server
cmsmith-ntap.hq.example.com

The system I'm working with is:

RHEL4u3, x86 (fully updated)
uname -r: 2.6.9-34.EL
nfs-utils-1.0.6-65.EL4

I've attached 4 files as well:

1. output of klist -ae
2. my krb5.conf file
3. rpc.gssd -vvvf (full output)
4. tcpdump -s host cmsmith-ntap

Any ideas? Please let me know if I should provide further
information. A useful data point is that the behavior is exactly the
same for both v3 and v4 (aka, same error is generated).

Best,
CMS
--
Christopher M. Smith
[email protected]

Attachments:
(No filename) (968.00 B)
 krb5.conf (636.00 B)
 klist (330.00 B)
 rpc.gssd (3.11 kB)
 tcpdump (8.76 kB)
 Download all attachments

2006-04-13 22:20:45

by Kevin Coffman

[permalink] [raw]
Subject: Re: NFSv3/4 and Kerberos.

This sounds kind of familiar, but it has been quite a while since I've
dealt with this level of code.

Is cmsmith-ntap both nfs client and nfs server? Any errors from the
server (rpc.svcgssd)?

This *might* be related. Each machine should only have its own keys
in its keytab. (If katana is the nfs client, it should not have
cmsmith-ntap's key, which it is using, in its keytab.)

K.C.


On 4/13/06, Christopher Smith <[email protected]> wrote:
> Folks--
>
> I'm working on doing some testing of NFSv3 and NFSv4, and I'm running
> into the following error (shown from rpc.gssd -vvv -f):
>
> rpcsec_gss: xdr_rpc_gss_init_args: encode success (token 0x9e7b550:531)
> rpcsec_gss: in authgss_refresh()
> rpcsec_gss: gss_init_sec_context: A token was invalid - No error
> rpcsec_gss: in authgss_destroy()
> rpcsec_gss: in authgss_destroy_context()
> WARNING: Failed to create krb5 context for user with uid 0 for server
> cmsmith-ntap.hq.example.com


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs