Re: Strange rpc.svcgssd behavior

Chuck Lever wrote:

  Before we go too far down the NM path of no return, I was under the
  impression that some applications require the host's name on the localhost
  entries in /etc/hosts.  That's why NM puts it there.
  
  There's nothing invalid about having a hostname on the localhost entries
  in /etc/hosts, is there?
  
  So I wonder if removing NM is really the solution here.

No, it's not.  I just like to complain about NM.

The original problem was that rpc.svcgssd couldn't figure out the correct
Kerberos realm.  The fix in this particular case, I think, is to set the
realm explicitly in /etc/idmapd.conf.

But a more general problem is that if you don't set a realm in
/etc/idmapd.conf, the fallback is to whatever is returned by gethostname().
Shouldn't the fallback be to what is in krb5.conf?

In general, I think it's a mistake to assume that a host's security realm is
the same as its DNS domain, especially given host mobility, the lack of
security in DNS, and the existence of other methods (krb5.conf) to determine
the security realm.
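
The mismatch described in this message can be checked for on a host. The Python sketch below is an added example, not part of the original message or of nfs-utils; it assumes that when neither `Local-Realms` nor `Domain` is set in /etc/idmapd.conf the realm falls back to the upper-cased domain part of the hostname, and the file contents and hostname in it are constructed samples.

```python
import re

# Constructed sample inputs (not taken from any real host).
KRB5_CONF = """[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = kdc.example.com
 }
"""
IDMAPD_UNSET = "[General]\n# Domain = example.com\n"
IDMAPD_SET = "[General]\nDomain = example.com\nLocal-Realms = EXAMPLE.COM\n"

def ini_value(text, section, key):
    """Return key's value inside [section], or None (minimal INI-style scan)."""
    current = None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section.lower() and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                return value.strip()
    return None

def effective_realms(idmapd_conf, hostname):
    """Realms idmapd would treat as local, and where that answer came from."""
    explicit = ini_value(idmapd_conf, "General", "Local-Realms")
    if explicit:
        return [r.strip() for r in explicit.split(",") if r.strip()], "Local-Realms"
    domain = ini_value(idmapd_conf, "General", "Domain")
    if domain:
        return [domain.upper()], "Domain"
    # Assumed fallback: domain part of the hostname, upper-cased.
    domain = hostname.partition(".")[2]
    return ([domain.upper()] if domain else []), "hostname"

def check(idmapd_conf, krb5_conf, hostname):
    """Compare the effective idmapd realm with krb5.conf's default_realm."""
    realms, source = effective_realms(idmapd_conf, hostname)
    default_realm = ini_value(krb5_conf, "libdefaults", "default_realm")
    return {"realms": realms, "source": source,
            "default_realm": default_realm, "match": default_realm in realms}

if __name__ == "__main__":
    for conf in (IDMAPD_UNSET, IDMAPD_SET):
        print(check(conf, KRB5_CONF, "laptop.localdomain"))
```

A result with `source` equal to `hostname` and `match` false is the situation the message describes: the realm was derived from the hostname and does not agree with krb5.conf.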