AIX


NFSv4 with krb5 credential cache question

  • 1.  NFSv4 with krb5 credential cache question

    Posted Thu February 03, 2011 08:37 AM

    Originally posted by: laakm


    Hello,

    I set up an NFS version 4 / NAS 1.4.0.9 server and an NFS slim client to mount a krb5 authenticated NFS partition. The user gets a valid user TGT with "kinit <user>". Going to the partition (mountpoint) with cd or ls fails (Permission denied). There is no NFS service principal ticket and the KRB5CCNAME is not set.
    Using truss against the GSSD process shows that the gssd process is looking for a PAG type credential cache file. I am not trying to use PAG type cache files but UID types.

    If I use kinit -u, then the PAG type credential file is created and the KRB5CCNAME is set in a new shell. Now the user can access the krb5 authenticated NFS partition (mountpoint).

    I read the information on http://www.ibm.com/developerworks/aix/library/au-kerberonfs.html
    but I still have problems with permission denied.

    I am not using LDAP, NIS, EIM or ACLs.

    A few questions:
    • How do I set up a client NFSv4 to use krbcc_UID only?
    • How do I unset the PAG value for the krb5 PAG name?
    I don't use PAG.

    Thanks