On Fri, Nov 08, 2013 at 10:46:26AM -0800, Chuck Lever wrote:
> The fly in this ointment is allowing clients with no keytab to mount
> with sec=krb5.
>
> We can use ENOKEY to allow lease management with AUTH_SYS but data
> access using Kerberos and a user's credential.

So "mount -osec=krb5*" means "use krb5* or stronger for everything",
unless you have no keytab in which case it means "use krb5* for all file
access but allow auth_sys for lease maintenance".

Huh. I guess that works.

--b.

>
> Otherwise, a user has to login as root, kinit as themselves, and then
> mount. That makes automounter configurations a little dodgy.