[Bug 473073] New: I can't set nfs4 client with gss and nfs3 server without gss in the same time
https://bugzilla.novell.com/show_bug.cgi?id=473073 Summary: I can't set nfs4 client with gss and nfs3 server without gss in the same time Classification: openSUSE Product: openSUSE 11.2 Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: nfbrown@novell.com ReportedBy: postadal@novell.com QAContact: qa@suse.de Found By: --- Because nfsserver and nfs init scripts use for configuration same NFS_SECURITY_GSS and NFS4_SUPPORT options, I can't configure nfs server and nfs clients on the same machine independently. I need to set NFS_SECURITY_GSS and NFS4_SUPPORT for nfs client, but I want nfs3 server running in the same time. Is any reason why both stripts share these same options? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=473073 User nfbrown@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=473073#c1 Neil Brown <nfbrown@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #1 from Neil Brown <nfbrown@novell.com> 2009-02-05 18:44:33 MST --- Setting NFS_SECURITY_GSS and NFS4_SUPPORT does not impose the use of GSS and NFSv4, it only supports it. i.e. it starts various daemons that are needed for those services to work. You still get to have a NFSv3 server running even if you select NFS4_SUPPORT. NFS4_SUPPORT causes the "rpc.idmapd" daemon to be run. This one daemon is needed for both server and client. So it would make no sense having separate setting for server and client. NFS_SECURITY_GSS does do something slightly different for server and client, but having separate switches wouldn't help a lot. The key issue here is "have you configured kerberos on your computer". If so, you may as well start the gss daemon for whichever of 'nfs' and 'nfsd' you are using. If not, starting neither daemon is best. So: you should be able to do what you want by setting both options to 'yes'. The nfs3 server without 'gss' should still work fine. If you try and find something is actually not working, please re-open this bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=473073 User postadal@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=473073#c2 --- Comment #2 from Petr Ostadal <postadal@novell.com> 2009-02-06 03:03:11 MST --- I have configured kerberos and nfs4 client and it works well. But when I want to run nfs3 server without gss support I got following errors: rcnfsserver start Starting kernel based NFS server: svcgssdstartproc: exit status of parent of /usr/sbin/rpc.svcgssd: 1 failed in /var/log/messages Feb 6 11:00:38 basiliscus rpc.svcgssd[13339]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name Feb 6 11:00:38 basiliscus rpc.svcgssd[13339]: Unable to obtain credentials for 'nfs' Feb 6 11:00:38 basiliscus rpc.svcgssd[13339]: unable to obtain root (machine) credentials Feb 6 11:00:38 basiliscus rpc.svcgssd[13339]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab? What I have to set for nfs server, if I don't need to have gss support for nfs server? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com