Hey Kevin,

When the krb5 realm and the DNS domain name are not the same and the 'Local-Realm' variable is not set (or set incorrectly) in /etc/idmapd.conf, this causes the krb5 mounted file system to be inaccessible to any and all users, which is the right thing to do. But the problem is, there is no reason logged as to why all users are being denied access, with or without debug enabled. This patch will log, with debug enabled, when the krb5 realm cannot be used since it does not match the DNS domain name or the 'Local-Realm' variable defined in /etc/idmapd.conf.

Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
---------------------------------
diff -up libnfsidmap/nss.c.orig libnfsidmap/nss.c --- libnfsidmap/nss.c.orig 2009-04-13 14:46:17.000000000 -0400 +++ libnfsidmap/nss.c 2009-06-05 10:37:46.000000000 -0400 @@ -298,9 +298,11 @@ static int nss_gss_princ_to_ids(char *se break; } } - if (!found) + if (!found) { + IDMAP_LOG(1, ("nss_gss_princ_to_ids: Local-Realm '%s': NOT FOUND", + princ_realm)); return -ENOENT; - + } /* XXX: this should call something like getgssauthnam instead? */ pw = nss_getpwnam(princ, NULL, &err); if (pw == NULL) {
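Review bot: The message added in the `if (!found)` branch labels princ_realm as "Local-Realm", which reads as though a configured Local-Realm of that name could not be found, while princ_realm is, by its name, the realm of the principal being mapped that matched none of the local realms. Suggest wording that says so, for example "realm '%s' does not match any Local-Realm", so an administrator reading the log knows to compare the principal's realm against the idmapd.conf setting. Including princ in the message as well would identify which user was denied, since the function returns -ENOENT immediately afterwards without logging anything else.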