On Tue, 2014-04-08 at 10:39 -0700, Frank Filz wrote: > > > If you mount by IP do you really care about krb5 ? Probably not, maybe > > > that's a clue we should not even try ... > > > > > > > It's certainly possible that someone passes in an IP address but then says > "-o > > sec=krb5". It has worked in the past, so it's hard to know whether and how > > many people actually depend on it. > > Mount by ip is sometimes used with clustered servers, especially when they > have all their IP addresses in the DNS record. Even using a FQDN that just > specifies that one IP address probably won't work then (since it probably is > NOT the hostname used in the server credential). I do not understand this, using an IP address or a name that resolve to said IP address is the same. As long as the server has a keytab with a key in that name it should just work fine, even if the hostname on the actual machine is different. If this does not work it is a bug in rpc.svcgssd/gss-proxy, and should be fixed, not something to try to work around using IP addresses. Simo. -- Simo Sorce * Red Hat, Inc * New York -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
