[33433] in Kerberos
Re: Strange (klist) behaviour
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu May 26 16:07:36 2011
From: Greg Hudson <ghudson@mit.edu>
To: =?ISO-8859-1?Q?Bj=F8rge?= Solli <Bjorge.Solli@adm.uib.no>
In-Reply-To: <4DDE162C.90308@uib.no>
Date: Thu, 26 May 2011 15:54:08 -0400
Message-ID: <1306439648.2034.382.camel@t410>
Mime-Version: 1.0
Cc: "netapp@uib.no" <netapp@uib.no>, "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, 2011-05-26 at 04:58 -0400, Bjørge Solli wrote:> I have a situation when testing our brand new NetApp (NAS) as NFS4+krb5 > home dirs. Tickets from our KDC dissapears, but seems to have no affect > on usage, and then appears again by itself after some time. We don't do > anything active to get the ticket back, but I gather something is > triggering it. The strange thing is that I was expecting the lack of > ticket to shut the user out from his home dir.
Everything other than the krbtgt ticket is just a performanceoptimization; service tickets are obtained from the KDC when necessary.The lack of a service ticket in the ccache does not generally result indenial of service.
I suspect the service ticket is "disappearing" when tickets are obtainedor renewed, and reappearing when rpc.gssd needs to establish a newsecurity context with the NFS server. I can't say for sure, though.
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
