Hi,
I have setup a PNFS server (NFSv4 only) with kerberos (heimdal) and I have a problem with gssd.
I want to use kerberos on PNFS MDS as a NFS client to its PNFS DSs and as a NFS Server to its NFS clients which is connect to the PNFS MDS itself.
But let's break down the problem. I can not use gssd with -h flag AND work with a NFS share with kerberos ticket (
on the NFS Client (or technically the PNFS MDS):
/etc/rc.conf
When I mount the NFS share I can not work with its directory:
But without the -h flag it works perfectly and my clients can connect to the PNFS MDS with AUTH_SYS and my PNFS MDS can connect to the PNFS DS with krb5p
Any Ideas?
I have setup a PNFS server (NFSv4 only) with kerberos (heimdal) and I have a problem with gssd.
I want to use kerberos on PNFS MDS as a NFS client to its PNFS DSs and as a NFS Server to its NFS clients which is connect to the PNFS MDS itself.
But let's break down the problem. I can not use gssd with -h flag AND work with a NFS share with kerberos ticket (
-sec=krb5i:krb5p
).on the NFS Client (or technically the PNFS MDS):
/etc/rc.conf
Code:
...
nfsuserd_enable="YES"
gssd_enable="YES"
gssd_flags="-h"
nfs_client_enable="YES"
...
When I mount the NFS share I can not work with its directory:
Code:
client:~ #mount_nfs -o vers=4,nfsv4,minorversion=2,sec=krb5p,gssname=host server.domain.net:/ /storage/ds/
client:~ #touch /storage/ds/ds0/test123
touch: /storage/ds/ds0/test123: Permission denied
But without the -h flag it works perfectly and my clients can connect to the PNFS MDS with AUTH_SYS and my PNFS MDS can connect to the PNFS DS with krb5p
Any Ideas?