The NFS client caches credentials and doesn't expose a way for kdestroy (or any other tool, AFAIK) to clear them.
How to reproduce:
Start as an unprivileged (in a Kerberos sense) user with access to a Kerberos-protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)
kdestroy #should destroy user1 permissions
kinit user2
ls ~user2 # this should succeed, but it fails
ls ~user1 # this should fail, but it still works!
This appears to be known upstream: http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
Bits and pieces of an earlier attempt at a fix: http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype: http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion)
Launchpad bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727
Workarounds:
Unmount/Mount NFS share