cifs.upcall issue, requests new kerberos service ticket all the time
This is more of an annoyance than an actual production issue. I've set it up so that each user's home directory is mounted to an immediate subdirectory of $HOME when they login, (and umounts when they log out to keep /proc/mounts a manageable size).
My issue comes in when my login scripts (autofs wasn't workable for what I needed) didn't check to see if their AD home directory was mounted or not, it mounted over top of the other directory (that part was expected given the bug) but it looks like it kept requesting new kerberos service tickets as well, never re-using the service tickets that were already present in the user's credential cache.
Obviously, this can't be how it's intended to function but I'm all new to kerberized VFS mounts/request-key.conf so I don't know where to begin looking. Are the service tickets likely not in their session key ring (as in: do I need to play around with keyutils some more?).
Any help or direction would be appreciated.
- Joel
Hi,
I'm trying to write a script to determine the time gap between HTTP PUT and HTTP DELETE requests in the HTTP Servers access log.
Normally client will do HTTP PUT to push content e.g. file_1.txt and 21 seconds later it will do HTTP DELETE, but sometimes the time varies causing some issues... (3 Replies)
Hi, was wondering if its possible to change the default warning message text that notifies users that their kerberos ticket is due to expire in xx minutes. I am using Kerberos 5 on Sol 10.
Can't find anything in man pages, so hoping its maybe an undocumented feature. I'd like to make the... (1 Reply)
On Slackware14.0
Compiled cifs-utils with kerberos support
on request-key.conf added
create cifs.spnego * * /usr/sbin/cifs.upcall %k %d
But when i try
mount -o sec=krb5 -t cifs //SLACK64//Users /media/users
mount error(38): Function not implemented
Refer to the... (1 Reply)
I donot know much about CIFS but i have been asked to look into an issue related to mounting CIFS filesystem
On my redhat 5.6 the /etc/fstab file has the following entry
//172.25.x.x/de0/ /dir1/de0 cifs username=bodsadm,password=12345,dir_mode=0777,file_mode=0777,uid=de0adm,gid=sapsys,rw 0 0... (2 Replies)
Hi,
in the log file there is line when the ticket is issued but when an user destroys the ticket there is no record.
Does someone have an idea? (0 Replies)
I am getting the following error message when trying to login to the client:
while verifying tgt
If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23
Does anyone have any ideas? (1 Reply)
klist(8krb)klist(8krb)Name
klist - lists currently held Kerberos tickets
Syntax
/usr/bin/klist [ -s | -t ] [ -file [filename] ] [ -srvtab ]
Arguments
filename The name of the Kerberos ticket file.
Description
The command allows you to print the name of the ticket file, the identity of the principal requesting the tickets (as listed in the ticket
file), and the principal names of all the Kerberos tickets currently held by the user (along with the issue and expiration times for each
authenticator). Principal names are listed in the form:
name.instance@realm
The period (.) is omitted if the instance is null, and the at sign (@) is omitted if the realm is null.
The command also enables you to print the entries in the file. If the -srvtab option is selected, will print the service name, instance
name, realm name, and key version of all services listed in the file.
Options-s Suppresses the printing of the issue and expiration times, the name of the ticket file, or the identity of the principal.
-t Checks for the existence of an unexpired ticket-granting-ticket in the ticket file. If one is present, exits with status of zero(0). Otherwise, it exits with status 1. No output is generated when this option is specified.
-file Causes the following argument to be used as the ticket file. Otherwise, the file is used, where is the user ID of the process.
-srvtab
Indicates that data should be printed. If the -file switch is not used, the data is read from the default file,
Restrictions
User-level authentication is not supported. However, by naming the file with the option, you can look at the tickets generated by
Files
Default file
To get the name of the local realm
The default ticket file
The file containing tickets generated by
See Alsokinit(8krb), kdestroy(8krb)klist(8krb)