On 17 September 2014 17:05, Simo Sorce <simo@xxxxxxxxxx> wrote:
> On Wed, 17 Sep 2014 13:20:19 +0200
> Cedric Blancher <cedric.blancher@xxxxxxxxx> wrote:
>
>> What happens if there is no relation between KRB Realm names and
>> FQDN/DNS? Can the NFS client find out which KRB Realm is used by the
>> server?
>
> Depending on the environment you may have 1 or 2 ways.
>
> 1. add domain to realm mapping in the appropriate section in krb5.conf
> on the client.
> 2. allow the KDC to send back a referral (but not all clients will ask
> their own KDC, some can do only 1).

But how can 1. help? Sure I can have my own krb5.conf but AFAIK
rpc.gssd only looks at the system /etc/krb5.conf and not at any custom
user defined location. Basically mount(8) would have to pass the
location of the custom krb5.conf file to rpc.gssd to facilitate the
mount, right?

I *think* we have a bigger problem here: Kerberos5 support in NFS
appears to be designed around the philosophy of one realm per machine
(one-to-rule-them-all) and not that a single user or machine has
mounts from many different realms, right?

Ced
--
Cedric Blancher <cedric.blancher@xxxxxxxxx>
Institute Pasteur
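Option 1 from the quoted reply, as an added example that is not part of the original thread: a simplified model of how a client resolves a server's FQDN to a realm through the `[domain_realm]` section of krb5.conf when realm names bear no relation to DNS. The lookup order (host entry first, then progressively shorter domain suffixes) follows the MIT krb5 documentation as an assumption; all host, domain and realm names are constructed samples.

```python
# Added illustration: simplified model of krb5.conf [domain_realm] lookup.
# Not rpc.gssd or libkrb5 code. All names below are constructed samples.

SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = CORP.EXAMPLE

[domain_realm]
    # Realm names unrelated to the DNS names they serve
    .nfs.example.org = STORAGE-A
    archive.nfs.example.org = LEGACY-B
    lab.example.net = RESEARCH
"""


def parse_domain_realm(text):
    """Return the [domain_realm] relations as a {name: realm} dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping


def realm_for_host(fqdn, mapping):
    """Most specific entry wins: a.b.c, then .b.c, then b.c, then .c, then c."""
    name = fqdn.lower().rstrip(".")
    while name:
        if name in mapping:
            return mapping[name]
        if name.startswith("."):
            name = name[1:]  # ".b.c" -> "b.c"
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""  # "a.b.c" -> ".b.c"
    # No static mapping: the client has to learn the realm some other
    # way, such as the KDC referral mentioned as option 2.
    return None
```

Because the mapping is keyed on the server's name rather than on the user or the mount, one system-wide file can hold entries for servers in several realms.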