On Nov 16, 2010, at 3:54 PM, Jim Rees wrote:

> Chuck Lever wrote:
>
>   Before we go too far down the NM path of no return, I was under the
>   impression that some applications require the host's name on the localhost
>   entries in /etc/hosts.  That's why NM puts it there.
>
>   There's nothing invalid about having a hostname on the localhost entries
>   in /etc/hosts, is there?
>
>   So I wonder if removing NM is really the solution here.
>
> No, it's not.  I just like to complain about NM.
>
> The original problem was that rpc.svcgssd couldn't figure out the correct
> kerberos realm.  The fix in this particular case, I think, is to set the
> realm explicitly in /etc/idmapd.conf.

It's having trouble determining the NFS server's hostname.  It needs to find the right nfs/your.host key in /etc/krb5.keytab.  I don't know if realm self-discovery is an issue too.

> But a more general problem is that if you don't set a realm in
> /etc/idmapd.conf, the fallback is to whatever is returned by gethostname().
> Shouldn't the fallback be to what is in krb5.conf?

> In general, I think it's a mistake to assume that a host's security realm is
> the same as its dns domain, especially given host mobility, the lack of
> security in dns, and the existence of other methods (krb5.conf) to determine
> the security realm.

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
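A check for the three conditions this thread weighs, as an added example that is not from the thread or from nfs-utils: whether the host's name sits on a loopback entry in /etc/hosts, whether /etc/idmapd.conf sets a realm, and whether a hostname-derived realm would agree with krb5.conf. Assumptions: the realm key checked is `Local-Realms` in `[General]` (the thread does not name the key), the hostname fallback is modelled as the upper-cased DNS domain part, and all sample file contents are constructed.

```python
import ipaddress

# Constructed sample inputs (not taken from the thread).
HOSTNAME = "nfs1.lab.example.net"
HOSTS = "127.0.0.1 nfs1.lab.example.net nfs1 localhost\n::1 localhost6\n"
IDMAPD = "[General]\nDomain = lab.example.net\n"
KRB5 = "[libdefaults]\n default_realm = EXAMPLE.COM\n"

def loopback_names(hosts_text):
    """Return every name that /etc/hosts maps to a loopback address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            if len(fields) > 1 and ipaddress.ip_address(fields[0]).is_loopback:
                names.update(fields[1:])
        except ValueError:
            continue  # first field is not an IP address
    return names

def conf_value(text, section, key):
    """Look up key in [section] of an INI-style file; None if unset."""
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif "=" in line and current == section.lower():
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                return value.strip()
    return None

def audit(hostname, hosts_text, idmapd_text, krb5_text):
    findings = []
    if hostname in loopback_names(hosts_text):
        findings.append("hostname-on-loopback")
    explicit = conf_value(idmapd_text, "General", "Local-Realms")
    krb5_realm = conf_value(krb5_text, "libdefaults", "default_realm")
    # Assumed model of the hostname fallback: DNS domain part, upper-cased.
    guess = hostname.partition(".")[2].upper() or None
    if explicit is None:
        findings.append("no-explicit-realm")
        if guess != krb5_realm:
            findings.append("hostname-guess-differs-from-krb5.conf")
    return {"explicit": explicit, "hostname_guess": guess,
            "krb5_default": krb5_realm, "findings": findings}

if __name__ == "__main__":
    print(audit(HOSTNAME, HOSTS, IDMAPD, KRB5))
```

On a real host, pass the contents of /etc/hosts, /etc/idmapd.conf and /etc/krb5.conf and the local hostname in place of the constructed strings.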