Hi Trond, thanks for your reply. Please see my answer(s) below. On Wed, 01 Dec 2010, Trond Myklebust wrote: > [...] > ::1 my.host.name > > would completely screw up MIT kerberos's (and hence rpc.svcgssd's) > ability to figure out the correct fdqn for my server. Ok, but I have IPv6 disabled and thus also no such line in my /etc/hosts file since I removed it manually. > [...] > Unfortunately, NetworkManager loves to add 'my.host.name' to any > existing '::1' line. The only solution I've found so far is to disable > NetworkManager on my server. I use Debian which doesn't use NetworkManager. > > The other interesting rpcsec bug I found recently had to do with > selinux: apparently MIT kerberos also likes to create a > [...] selinux is disabled as well. > [...] FYI, I also ran strace on the mentioned invocation of rpc.svcgssd but I couldn't figure out the principal name rpc.svcgssd is really looking for. How can I figure this out? Do I need some to enable debug logging in my /etc/krb5.conf file? Judging from your explanation, this seems to be an MIT Kerberos<->host name resolution issue, rather than an NFSv4 rpc.svcgssd issue. Would you suggest I also send this to the MIT Kerberos mailing list? Thanks in advance & kind regards, Holger
Attachment:
signature.asc
Description: Digital signature
