On Tue, Nov 16, 2010 at 03:54:36PM -0500, Jim Rees wrote: > Chuck Lever wrote: > > Before we go too far down the NM path of no return, I was under the > impression that some applications require the host's name on the localhost > entries in /etc/hosts. That's why NM puts it there. > > There's nothing invalid about having a hostname on the localhost entries > in /etc/hosts, is there? > > So I wonder if removing NM is really the solution here. > > No, it's not. I just like to complain about NM. > > The original problem was that rpc.svcgssd couldn't figure out the correct > kerberos realm. The fix in this particular case, I think, is to set the > realm explicitly in /etc/idmapd.conf. > > But a more general problem is that if you don't set a realm in > /etc/idmapd.conf, the fallback is to whatever is returned by gethostname(). > Shouldn't the fallback be to what is in krb5.conf? > > In general, I think it's a mistake to assume that a host's security realm is > the same as its dns domain, especially given host mobility, the lack of > security in dns, and the existence of other methods (krb5.conf) to determine > the security realm. Probably so. Seems like hostname problems are one of the most frequent stumbling blocks for nfs/krb5 setup, too. But fixing this probably needs a volunteer. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
