Originally posted by: laakm
Hello,
I set up an NFS version 4 / NAS 1.4.0.9 server and a NFS slim client to mount a krb5 authenticated NFS partition. The user gets a valid user TGT with "kinit <user>". When going to the partition (mountpoint) with cd or ls, it fails (Permission denied). There is no NFS service principal ticket and the KRB5CCNAME is not set.
Using truss against the GSSD process shows that the gssd process is looking for a PAG type credential cache file. I am not trying to use PAG type cache files but UID types.
If I use kinit -u, then the PAG type credential file is created and the KRB5CCNAME is set in a new shell. Now the user can access the krb5 authenticated NFS partition (mountpoint).
I read the information on http://www.ibm.com/developerworks/aix/library/au-kerberonfs.html but I still have problems with permission denied.
I am not using LDAP, NIS, EIM or ACLs.
A few questions:
- How do I set up a client NFSv4 to use krbcc_UID only?
- How do I unset the PAG value for the krb5 PAG name? I don't use PAG.
Thanks
#AIX-Forum