[38562] in Kerberos
kvno X not found in keytab; ticket is likely out of date
daemon@ATHENA.MIT.EDU (Laura Smith)
Mon Jul 22 06:23:16 2019
Date: Mon, 22 Jul 2019 10:22:45 +0000
To: "kerberos@mit.edu" <kerberos@mit.edu>
From: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Message-ID: <bN6XOq5sAynmdNHYQ-JnLJHABi2b250DRq39sjbY4ZrhJvOFj8itbb5aR4Fbxv_AOSePQ1voh-azddz-S359M8fqzgc2ZQ32VkHxsunCze0=@protonmail.ch>
MIME-Version: 1.0
Reply-To: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Ok, I hold my hand up, I messed up. So the question is, how do I get myself out of this mess ?
A summary of how I got here:
• I have an NFS server and a bunch of clients connecting and auth using krb5.
• This was all working beautifully.... until today.
• Through an act of pure fat-fingered stupidity, I ran "addprinc -randkey nfs/name.of.nfs.server" when setting up a new NFS client (i.e used server name instead of client name).
• Now everything is broken (none of the NFS clients can connect to the server and I am seeing the error messages below on the NFS server).
• keytab on NFS server only had credentials for NFS server, so I deleted the keytab and created a new one through ktadd
• that didnt' work. a reboot of the NFS server didn't work.
Summary ? I'm up a smelly creek without a paddle !
Messages on NFS server:
2019-07-22T11:01:35.075247+01:00 foo rpc.svcgssd[847]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - Request ticket server nfs/foo.example.com@EXAMPLE.CORP kvno 3 not found in keytab; ticket is likely out of date
2019-07-22T11:01:39.460944+01:00 foo rpc.svcgssd[847]: message repeated 41 times: [ ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - Request ticket server nfs/foo.example.com@EXAMPLE.CORP kvno 3 not found in keytab; ticket is likely out of date]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
