Hi Authenticated users cannot write to a Kerberized NFS mounted share. Here is the mount command: mount -t nfs hh30:/home2 /mnt -orw,sec=krb5,vers=3 Here is the mount: hh30:/home2/ on /mnt type nfs (rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5,mountaddr=192.168.1.30,mountvers=3,mountport=48880,mountproto=udp,local_lock=none,addr=192.168.1.30) Here is a sample session: su lynn2 Password: lynn2@hh30:/home/steve> cd ~ lynn2@hh30:~> id uid=3000024(lynn2) gid=20513(Domain Users) groups=20513(Domain Users) lynn2@hh30:~> cd /mnt/home/lynn2 lynn2@hh30:/mnt/home/lynn2> id uid=3000024(lynn2) gid=20513(Domain Users) groups=20513(Domain Users) lynn2@hh30:/mnt/home/lynn2> ls -l total 0 -rw-r--r-- 1 lynn2 Domain Users 0 Aug 12 10:40 j -rw-r--r-- 1 lynn2 Domain Users 0 Aug 12 11:00 j2 lynn2@hh30:/mnt/home/lynn2> touch j3 touch: cannot touch ‘j3’: Permission denied And I cannot write to my own home NFS exported directory. Notice how 3 _three_ tickets have been issued: -rw------- 1 lynn2 Domain Users 1150 Aug 12 11:08 krb5cc_3000024_4KC2jj -rw------- 1 lynn2 Domain Users 1150 Aug 12 11:08 krb5cc_3000024_dbxlfk -rw------- 1 lynn2 Domain Users 1150 Aug 12 11:03 krb5cc_3000024_jWkcYr cat /etc/exports /home2 *(rw,sec=sys:krb5,no_subtree_check,insecure) ps aux | grep rpc root 369 0.0 0.2 2648 1056 ? Ss 10:05 0:00 /sbin/rpcbind -w -f root 1532 0.0 0.0 0 0 ? S< 10:05 0:00 [rpciod] root 3458 0.0 0.4 4428 2336 ? Ss 10:42 0:00 /usr/sbin/rpc.gssd root 3715 0.0 0.3 4304 1752 ? Ss 10:50 0:00 /usr/sbin/rpc.svcgssd statd 3721 0.0 0.2 2828 1228 ? Ss 10:50 0:00 /usr/sbin/rpc.statd --no-notify root 3726 0.0 0.2 3396 1424 ? Ss 10:50 0:00 /usr/sbin/rpc.mountd --no-nfs-version 4 lynn2 4191 0.0 0.1 4176 804 pts/3 S+ 11:16 0:00 grep --color=auto rpc Here is the Kerberos authentication log: Kerberos: Looking for PKINIT pa-data -- lynn2@HH3.SITE Kerberos: Looking for ENC-TS pa-data -- lynn2@HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- lynn2@HH3.SITE Kerberos: AS-REQ lynn2@HH3.SITE from ipv4:192.168.1.30:43721 for krbtgt/HH3.SITE@HH3.SITE Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- lynn2@HH3.SITE Kerberos: Looking for ENC-TS pa-data -- lynn2@HH3.SITE Kerberos: ENC-TS Pre-authentication succeeded -- lynn2@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2012-08-12T11:18:25 starttime: unset endtime: 2012-08-12T21:18:25 renew till: 2012-08-13T11:18:22 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5 Kerberos: Requested flags: renewable-ok On 12.1 this works perfectly. One ticket is issued and I can write to he exported NFS share without problems. Can anyone get this fixed for 12.2 or point me in the right direction? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org