cifs.upcall issue, requests new kerberos service ticket all the time Post: 302621557

Sponsored Content

Operating Systems Linux cifs.upcall issue, requests new kerberos service ticket all the time Post 302621557 by thmnetwork on Tuesday 10th of April 2012 03:58:26 PM

04-10-2012

Registered User

cifs.upcall issue, requests new kerberos service ticket all the time

This is more of an annoyance than an actual production issue. I've set it up so that each user's home directory is mounted to an immediate subdirectory of $HOME when they login, (and umounts when they log out to keep /proc/mounts a manageable size).

My issue comes in when my login scripts (autofs wasn't workable for what I needed) didn't check to see if their AD home directory was mounted or not, it mounted over top of the other directory (that part was expected given the bug) but it looks like it kept requesting new kerberos service tickets as well, never re-using the service tickets that were already present in the user's credential cache.

Obviously, this can't be how it's intended to function but I'm all new to kerberized VFS mounts/request-key.conf so I don't know where to begin looking. Are the service tickets likely not in their session key ring (as in: do I need to play around with keyutils some more?).

Any help or direction would be appreciated.
- Joel

thmnetwork

View Public Profile for thmnetwork

Find all posts by thmnetwork

6 More Discussions You Might Find Interesting

1. HP-UX

LDAP/Kerberos Issue

I am getting the following error message when trying to login to the client: while verifying tgt If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23 Does anyone have any ideas?

2. BSD

Kerberos log file does not log when ticket is destroyed

Hi, in the log file there is line when the ticket is issued but when an user destroys the ticket there is no record. Does someone have an idea?

3. Red Hat

Issue with mounts CIFS

I donot know much about CIFS but i have been asked to look into an issue related to mounting CIFS filesystem On my redhat 5.6 the /etc/fstab file has the following entry //172.25.x.x/de0/ /dir1/de0 cifs username=bodsadm,password=12345,dir_mode=0777,file_mode=0777,uid=de0adm,gid=sapsys,rw 0 0...

4. UNIX and Linux Applications

Slackware: mount cifs with kerberos

On Slackware14.0 Compiled cifs-utils with kerberos support on request-key.conf added create cifs.spnego * * /usr/sbin/cifs.upcall %k %d But when i try mount -o sec=krb5 -t cifs //SLACK64//Users /media/users mount error(38): Function not implemented Refer to the...

5. Solaris

Kerberos Ticket expiry warning message

Hi, was wondering if its possible to change the default warning message text that notifies users that their kerberos ticket is due to expire in xx minutes. I am using Kerberos 5 on Sol 10. Can't find anything in man pages, so hoping its maybe an undocumented feature. I'd like to make the...

6. Shell Programming and Scripting

awk script to find time difference between HTTP PUT and HTTP DELETE requests in access.log

Hi, I'm trying to write a script to determine the time gap between HTTP PUT and HTTP DELETE requests in the HTTP Servers access log. Normally client will do HTTP PUT to push content e.g. file_1.txt and 21 seconds later it will do HTTP DELETE, but sometimes the time varies causing some issues...

LEARN ABOUT PHP

login.krb5

LOGIN(8)						      System Manager's Manual							  LOGIN(8)

NAME

       login.krb5 - kerberos enhanced login program

SYNOPSIS

       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION

       login.krb5  is a modification of the BSD login program which is used for two functions.	It is the sub-process used by krlogind and telnetd
       to initiate a user session and it is a replacement for the command-line login program which, when invoked with a  password,  acquires  Ker-
       beros tickets for the user.

       login.krb5  will  prompt  for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
       password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to	get  AFS  tokens  for  the
       user.  The  version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
       the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally	allowed  (permitting  use  of  the
       machine in case of network failure.)

OPTIONS

       -p     preserve the current environment

       -r hostname
	      pass hostname to rlogind.  Must be the last argument.

       -h hostname
	      pass hostname to telnetd, etc.  Must be the last argument.

       -f name
	      Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.

       -F name
	      Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.

       -e name
	      Perform pre-authenticated, encrypted login.  Must do term negotiation.

CONFIGURATION

       login.krb5  is  also  configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
       vided:

       krb5_get_tickets
	      Use password to get V5 tickets. Default value true.

       krb_run_aklog
	      Attempt to run aklog. Default value false.

       aklog_path
	      Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.

       accept_passwd
	      Don't accept plaintext passwords [not yet implemented]. Default value false.

DIAGNOSTICS

       All diagnostic messages are returned on the connection or tty associated with stderr.

SEE ALSO

       rlogind(8), rlogin(1), telnetd(8)

																	  LOGIN(8)