Re: NFS-Mount with MIT-Kerberos5 doesn't use user tickets...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 7, 2010 at 7:11 PM,  <thomas.wunder@xxxxxxxxxxxxxx> wrote:
>> By the looks of your /etc/fstab entry, the system (root) will try to
>> mount /mnt/net automatically.  You could try adding the "noauto"
>> option and then manually issuing the mount command as the user.  (Or
>> use automount?)
>> K.C.
> I'm pretty sure that it doesn't try to automatically mount the share on
> startup since there is no log entry that would indicate such an attempt.
> I already tried to do the mount as a user (which is authenticated via kerberos
> such that there is a valid ticket for that user) the logs (that i have posted)
> are showing what comes out of it. If I try to do the mount without the fstab-
> entry (i.e. mount -t nfs4 -o sec=krb5p dnsdhcp:/ /mnt/net) it is being
> rejected on the grounds that only root can perform a mount. 'sudo' doesn't
> work currently (i've got some problems with my PAM config for sudo) so I
> haven't had any chance to try it out...
>
> I've already set up automount but it actually does exactly the same as if I
> ran mount manually as described above.
>
> I'm totally confused because I don't understand what people like
> http://thread.gmane.org/gmane.linux.nfsv4/5893
> might have done to perform a mount with normal user privileges. If it was
> really mandatory to be root (as stated by Andy Adamson in the other message)
> then I wouldn't really understand why they should have implemented the uid
> passing using that pipefs file....

Hello Tom,

To allow non-root users to do the mount, add the "user" option to the
entry in /etc/fstab.  Then the user with uid 10002 should be able to
kinit and then mount.  (Note that in this case, there is no need for
the "-n" option to rpc.gssd.)

K.C.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux