Re: NFS4 kerberos

Tue, 01 Aug 2017 18:08:11 -0700 

should I have SECURE_NFS=yes in  /etc/sysconfig/nfs ?

On Tue, Aug 1, 2017 at 7:35 PM, Louis Garcia <louisg...@gmail.com> wrote:

> Does this have anything todo with gssproxy on the client? I did not know I
> had to configure that.
>
> On Tue, Aug 1, 2017 at 7:20 PM, Louis Garcia <louisg...@gmail.com> wrote:
>
>> I found this on the client.
>>
>> gssproxy[661]: gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified
>> GSS failure.  Minor code may provide more information, No credentials cache
>> found
>> gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.
>> Minor code may provide more information, No credentials cache found
>>
>> This is right after, not sure if related.
>>
>> audit[651]: USER_AVC pid=651 uid=81 auid=4294967295 ses=4294967295
>> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied
>> { send_msg } for msgtype=error er
>>
>> exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Aug 1, 2017 at 7:00 PM, Rick Stevens <ri...@alldigital.com>
>> wrote:
>>
>>> On 08/01/2017 03:24 PM, Louis Garcia wrote:
>>> > I've setup a kdc server and I'm able to kinit from my client and get a
>>> > ticket for ssh, nfs. I'm noticing nfs slow to mount, and disconnects
>>> > randomly when mounted with sec=krb5p. When I mount insecurely this does
>>> > not happen. I read that this has to do with gss but have not found a
>>> > solution.
>>>
>>> Have you checked journald's output for gss-related messages?
>>> ----------------------------------------------------------------------
>>> - Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com -
>>> - AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
>>> -                                                                    -
>>> -         We have enough youth, how about a fountain of SMART?       -
>>> ----------------------------------------------------------------------
>>> _______________________________________________
>>> users mailing list -- users@lists.fedoraproject.org
>>> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>>>
>>
>>
>

_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to