Greetings List,

I have been successfully using a non-root user on a Linux client to mount (with an appropriate fstab entry) NFSv4 using Kerberos for about a year now, but it only works if I do the following:

* run `rpc.gssd -n` as root
* run `kinit mynonrootuser@REALM` as root (from a login shell, not su/sudo)
* also run `kinit` as mynonrootuser (expected).

This "works", for some definition of the term, but I consider it to be limping along. Since NFS needs two tickets to authenticate, the main failure mode is root's ticket (for the non-root principal) predictably doesn't get renewed when the Kerberos infrastructure renews the ordinary ticket, seizing up any affected mounts. It’s a marginally-tolerable configuration for a personal laptop but altogether inappropriate for much else.

I tracked the problem last year down to a mismatched uid in the pipefs protocol (see thread <https://marc.info/?l=linux-nfs&m=164029845630159&w=2>). It seems like a simple enough bug to fix but as I mentioned in the previous thread, if I knew where it was happening I'd have sent a patch by now.

I am curious if there has been any attempt to fix this in the last year.

Regards,

--
Dorian Taylor
Make things. Make sense.
https://doriantaylor.com