On 12/22/2015 03:00 AM, 0xbabaf00l wrote: > WARNING: gss_accept_sec_context failed > ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): > GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more > information) - Key version number for principal in key table is > incorrect
Since the keytab kvno matches the KDB kvno for the principal, this error probably means that the client has stale tickets. If you are truly getting this error on startup, I don't know enough about the NFS implementation to know what rpc.svcgssd is accepting authentication from. You need to find the relevant credential cache and remove it, or perhaps refresh it with kinit. (If this seems unnecessarily aggravating, it is. The protocol was designed under the assumption that services can retain old keys for some period of time after new ones are generated. That assumption is much less true in an age where servers are frequently virtual and commonly rebuilt. See http://k5wiki.kerberos.org/wiki/Projects/Graceful_recovery_after_destructive_service_rekey for more details.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
