[38563] in Kerberos
Re: kvno X not found in keytab; ticket is likely out of date
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Mon Jul 22 06:47:37 2019
MIME-Version: 1.0 (1.0)
From: John Devitofranceschi <jdvf@optonline.net>
In-Reply-To: <bN6XOq5sAynmdNHYQ-JnLJHABi2b250DRq39sjbY4ZrhJvOFj8itbb5aR4Fbxv_AOSePQ1voh-azddz-S359M8fqzgc2ZQ32VkHxsunCze0=@protonmail.ch>
Date: Mon, 22 Jul 2019 06:47:23 -0400
Message-ID: <1E900263-15C3-49BB-91E6-EC9D42EBC7BE@optonline.net>
To: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: multipart/mixed; boundary="===============4732139376941087703=="
Errors-To: kerberos-bounces@mit.edu
--===============4732139376941087703==
Content-Type: multipart/signed;
boundary="Apple-Mail-629E45BF-B005-41F4-89A7-2C4ED3D05467";
protocol="application/pkcs7-signature"; micalg=sha-256
Content-Transfer-Encoding: 7bit
--Apple-Mail-629E45BF-B005-41F4-89A7-2C4ED3D05467
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
How long has it been since this happened?=20
I think that the clients will be fine once their old ccaches expire. Have y=
ou tried forcing the issue by manually refreshing one of the clients?
Sent from my iPhone
> On Jul 22, 2019, at 06:22, Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch=
> wrote:
>=20
> Ok, I hold my hand up, I messed up. So the question is, how do I get myse=
lf out of this mess ?
>=20
> A summary of how I got here:
> =E2=80=A2 I have an NFS server and a bunch of clients connecting and auth u=
sing krb5.
> =E2=80=A2 This was all working beautifully.... until today.
> =E2=80=A2 Through an act of pure fat-fingered stupidity, I ran "addprinc -=
randkey nfs/name.of.nfs.server" when setting up a new NFS client (i.e used s=
erver name instead of client name).
> =E2=80=A2 Now everything is broken (none of the NFS clients can connect to=
the server and I am seeing the error messages below on the NFS server).
> =E2=80=A2 keytab on NFS server only had credentials for NFS server, so I d=
eleted the keytab and created a new one through ktadd
> =E2=80=A2 that didnt' work. a reboot of the NFS server didn't work.
>=20
> Summary ? I'm up a smelly creek without a paddle !
>=20
> Messages on NFS server:
>=20
> 2019-07-22T11:01:35.075247+01:00 foo rpc.svcgssd[847]: ERROR: GSS-API: err=
or in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified G=
SS failure. Minor code may provide more information) - Request ticket serve=
r nfs/foo.example.com@EXAMPLE.CORP kvno 3 not found in keytab; ticket is lik=
ely out of date
> 2019-07-22T11:01:39.460944+01:00 foo rpc.svcgssd[847]: message repeated 41=
times: [ ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context():=
GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more inform=
ation) - Request ticket server nfs/foo.example.com@EXAMPLE.CORP kvno 3 not f=
ound in keytab; ticket is likely out of date]
>=20
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--Apple-Mail-629E45BF-B005-41F4-89A7-2C4ED3D05467
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCBegw
ggXkMIIDzKADAgECAgMSyo4wDQYJKoZIhvcNAQENBQAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwG
A1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcgQXV0
aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMTcwMzEyMTcxMzE4
WhcNMTkwMzEyMTcxMzE4WjCBhTEeMBwGA1UEAxMVSm9obiBEZXZpdG9mcmFuY2VzY2hpMSEwHwYJ
KoZIhvcNAQkBFhJqZHZmQG9wdG9ubGluZS5uZXQxHzAdBgkqhkiG9w0BCQEWEGpkdmZAaG90bWFp
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGZvb25vbkBnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuIYJk6mZxRIxgf8pPvyeYLks8+9WVbnpii7xJkbw851Byf6PPjaoHVnPO
1iC8wfHAoH740fILQnueeZndsWKH/TazbhUoSn06T+Zrxv58uEWJ9bquhVYGOagYM/uFA8xN1tWZ
4kSE+hK7jnmsFabJdNwJmkm0DT12U6ca+gYiH3Z4RHsbsV3SV/crTDNsn9tFPy/4ZiLrvjC/W713
bCTR54srU8Q8QeL9QWqZSyp0CL6/J7z/DLmjklAz+kqwDpF4CxRtJagemC0luumo9YtWB5EAyveY
jvl9At5e4iybwolZxvz0xTXbtpmaydCs1cyNEicLx+L9KkjHHPFmkOeXAgMBAAGjggFmMIIBYjAM
BgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUg
Zm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzAOBgNVHQ8BAf8EBAMC
A6gwQAYDVR0lBDkwNwYIKwYBBQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3CgMEBgorBgEEAYI3CgMD
BglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5jYWNl
cnQub3JnMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3Js
MEEGA1UdEQQ6MDiBEmpkdmZAb3B0b25saW5lLm5ldIEQamR2ZkBob3RtYWlsLmNvbYEQZm9vbm9u
QGdtYWlsLmNvbTANBgkqhkiG9w0BAQ0FAAOCAgEAtrk00onJQuuPQ7meMGacZAVMdeXpUnNXs+0j
47T1FqEyv8D4Azyvd6Fq80awxBsA52Xh+jQd6HTbjQuK85C/TfUlk3InP7OeqMFZTfy1Bg4Z/HFz
ifwMP929Fa1+uhmy/1zYXvP07cNw1T2b3h7EM4U0fRdBkIyJ1peoz0t6uraM8E2sKRW+5oj/Cz97
1pTcS0KLr7iYQU2xNpYVsLOBhBKym/oOTPBCROC1gH8Ey16rNVNTxqPW2qz0JMQgO1cu4S/EcuqV
1QzZc4QNCPsTO6L/mKrkcvchXzD0bpxPz2CNxOARW1s4Ip510NLNpIMiLeqstQnlv76zvgegmfpF
86/dH+bDHnqMJiH91EIm3r5g6mdqKRth23VHTmMVS3NVXasEOVWMgb5mGn7vkvqeOMfUP9a4Mggy
xfxHJ+tMYwkb8yE9t7P9vzVOXrwhkbWtmaNXuHxnJvM7Jn8j8GRpCDwl3BPEPY2QOjNnSWjPqbED
FIOQX24V7RUE2o/pa2cJn1hZ21gfsHeYZQ3JyUbcPsH/3JJ53RzWIsCLJ+Bg86I8uXfTfPt8v6Jq
UdPg8HAs1Ay5AbzLu/TeUNa+ut5xO7ppGGQbZoYTGzDefu+3XSUiKn+TGjgDv0LgCjo5irFklL/b
mR9KB++RqVPTmCYTlVBvcX6W72OL4QYgFiY9dg0xggNDMIIDPwIBATCBgDB5MRAwDgYDVQQKEwdS
b290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQg
U2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEsqO
MA0GCWCGSAFlAwQCAQUAoIIBkzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0xOTA3MjIxMDQ3MjNaMC8GCSqGSIb3DQEJBDEiBCAdx7+kHes2BqnwL9KkO6lkRqXqz03H
O+JWbY9ERUmvoTCBkQYJKwYBBAGCNxAEMYGDMIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNV
BAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhv
cml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMSyo4wgZMGCyqGSIb3DQEJ
EAILMYGDoIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0
Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
c3VwcG9ydEBjYWNlcnQub3JnAgMSyo4wDQYJKoZIhvcNAQEBBQAEggEAo2CHBSeV1myoDAc8BGZJ
C9sAyuu9WOlDcYdjFU69oaqWYujOrMy0iRthKNGx803F7zkGtwK4wb67Y5sbfb8tmKkzywllyyd9
sTgU+CCIKoZfqsfRH+XHOomwsubEdTU4r8I04TrqfegqJZzQtvpc2hRPpLQHV8suiUMtJTXYP+jo
YHWekFxqcVr+7Gv4qO2hOTCcK4/e8ZyJ76dfPUzwSRWGfxmxTrbAvixB0Bb9fIkZKxHwkKoX2Se0
T2+vm3sM36EjE7E4i6dFi/UnXEeQcQG/PExjNDXm1tzcfPjJsQ3cJqN5wzZamJZ157j7ujlVAk56
yMMkOSxjnAgYsOp9PgAAAAAAAA==
--Apple-Mail-629E45BF-B005-41F4-89A7-2C4ED3D05467--
--===============4732139376941087703==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============4732139376941087703==--
