J. Bruce Fields a écrit :
On Thu, Sep 04, 2008 at 07:41:17PM +0200, François Valenduc wrote:
J. Bruce Fields a écrit :
On Thu, Sep 04, 2008 at 07:31:11PM +0200, François Valenduc wrote:
I had indeed forgot to add sec=krb5 to the export options. But even
if I add it, it doesn't change anything.
OK, and you re-exported? (Just to double-check--what does exportfs -v
say?)
Is it really possible to use krb5 authentification with nfs ? I have
read a lot of howto and follow the instructions and it never
succeeds...
I'm sorry you've had trouble with it, but yes, it definitely works--I
use it every day.
--b.
So, here is the output of exportfs -v relating to my home folder:
/home/francois
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=krb5,rw,root_squash,no_all_squash)
Actually, I forgot, if you're using v3, you probably need to allow
auth_sys mounts as well:
sec=sys:krb5
(Fixed in the latest kernel git, but that's not released yet.)
--b.
I have changed it and it's still the same. The main problem seems to be
the uid and gid mapping. I still get this line:
clnt: nfs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx, uid: -1,
gid:
-1, num aux grps: 0
But, exportfs -v now gives the following:
/home/francois
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=sys:krb5,rw,root_squash,no_all_squash)
The line in fstab on the client is the following:
pc-francois:/home/francois /mnt/pc-francois nfs
rw,noatime,rsize=1024,wsize=1024,soft,sec=krb5,noauto,users 0 0
What else should I do ? I can get a krb5 ticket but this is not enough
to mount the filesystem.
François
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
