Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: cifs.upcall issue, requests new kerberos service ticket all the time
Operating Systems Linux cifs.upcall issue, requests new kerberos service ticket all the time Post 302621557 by thmnetwork on Tuesday 10th of April 2012 03:58:26 PM
Old 04-10-2012
cifs.upcall issue, requests new kerberos service ticket all the time
This is more of an annoyance than an actual production issue. I've set it up so that each user's home directory is mounted to an immediate subdirectory of $HOME when they login, (and umounts when they log out to keep /proc/mounts a manageable size).

My issue comes in when my login scripts (autofs wasn't workable for what I needed) didn't check to see if their AD home directory was mounted or not, it mounted over top of the other directory (that part was expected given the bug) but it looks like it kept requesting new kerberos service tickets as well, never re-using the service tickets that were already present in the user's credential cache.

Obviously, this can't be how it's intended to function but I'm all new to kerberized VFS mounts/request-key.conf so I don't know where to begin looking. Are the service tickets likely not in their session key ring (as in: do I need to play around with keyutils some more?).

Any help or direction would be appreciated.
- Joel
 

6 More Discussions You Might Find Interesting

1. HP-UX

LDAP/Kerberos Issue

I am getting the following error message when trying to login to the client: while verifying tgt If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23 Does anyone have any ideas? (1 Reply)
Discussion started by: dhernand
1 Replies

2. BSD

Kerberos log file does not log when ticket is destroyed

Hi, in the log file there is line when the ticket is issued but when an user destroys the ticket there is no record. Does someone have an idea? (0 Replies)
Discussion started by: gaspar
0 Replies

3. Red Hat

Issue with mounts CIFS

I donot know much about CIFS but i have been asked to look into an issue related to mounting CIFS filesystem On my redhat 5.6 the /etc/fstab file has the following entry //172.25.x.x/de0/ /dir1/de0 cifs username=bodsadm,password=12345,dir_mode=0777,file_mode=0777,uid=de0adm,gid=sapsys,rw 0 0... (2 Replies)
Discussion started by: Tirmazi
2 Replies

4. UNIX and Linux Applications

Slackware: mount cifs with kerberos

On Slackware14.0 Compiled cifs-utils with kerberos support on request-key.conf added create cifs.spnego * * /usr/sbin/cifs.upcall %k %d But when i try mount -o sec=krb5 -t cifs //SLACK64//Users /media/users mount error(38): Function not implemented Refer to the... (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

5. Solaris

Kerberos Ticket expiry warning message

Hi, was wondering if its possible to change the default warning message text that notifies users that their kerberos ticket is due to expire in xx minutes. I am using Kerberos 5 on Sol 10. Can't find anything in man pages, so hoping its maybe an undocumented feature. I'd like to make the... (1 Reply)
Discussion started by: melias
1 Replies

6. Shell Programming and Scripting

awk script to find time difference between HTTP PUT and HTTP DELETE requests in access.log

Hi, I'm trying to write a script to determine the time gap between HTTP PUT and HTTP DELETE requests in the HTTP Servers access log. Normally client will do HTTP PUT to push content e.g. file_1.txt and 21 seconds later it will do HTTP DELETE, but sometimes the time varies causing some issues... (3 Replies)
Discussion started by: Juha
3 Replies

LEARN ABOUT CENTOS

k5login

K5LOGIN(5)							   MIT Kerberos 							K5LOGIN(5)

NAME

       k5login - Kerberos V5 acl file for host access

DESCRIPTION

       The  .k5login  file, which resides in a user's home directory, contains a list of the Kerberos principals.  Anyone with valid tickets for a
       principal in the file is allowed host access with the UID of the user in whose home directory the file resides.	One common use is to place
       a .k5login file in root's home directory, thereby granting system administrators remote root access to the host via Kerberos.

EXAMPLES

       Suppose the user alice had a .k5login file in her home directory containing the following line:

	      bob@FOOBAR.ORG

       This would allow bob to use Kerberos network applications, such as ssh(1), to access alice's account, using bob's Kerberos tickets.

       Let  us	further  suppose  that	alice is a system administrator.  Alice and the other system administrators would have their principals in
       root's .k5login file on each host:

	      alice@BLEEP.COM

	      joeadmin/root@BLEEP.COM

       This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root pass-
       word.   Note  that  because bob retains the Kerberos tickets for his own principal, bob@FOOBAR.ORG, he would not have any of the privileges
       that require alice's tickets, such as root access to any of the site's hosts, or the ability to change alice's password.

SEE ALSO

       kerberos(1)

AUTHOR

       MIT

COPYRIGHT

       1985-2013, MIT

1.11.3																	K5LOGIN(5)
All times are GMT -4. The time now is 02:51 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy