On Sat, Jun 25, 2011 at 09:15:42PM -0000, Brian the Lion wrote:
> @Steve: I have not. What would the procedure for that look like? Purge
> the existing nfs-utils deb, and then build and install nfs-utils from
> source?
Yes, that would work.
> Is there anything I can do to further pinpoint the problem before I try
> that?
Not that I know of.
On Sat, Jun 25, 2011 at 11:54:37PM -0000, Brian the Lion wrote:
> Another theory: nslcd is trying to refresh the client's kerberos ticket
> via LDAP. It is failing because, unlike the user principles, the nfs
> principles do not have LDAP entries. Should they? Or is there a way to
> tell the nfs clients to not use LDAP?
I have no idea how this would work... I would say that if nslcd can get
*any* kerberos tickets via LDAP, that's a misconfiguration of the directory,
since that would bypass the Kerberos security model. NFS clients are
certainly not "using LDAP" to get kerberos tickets, anyway.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>
On Sat, Jun 25, 2011 at 09:15:42PM -0000, Brian the Lion wrote:
> @Steve: I have not. What would the procedure for that look like? Purge
> the existing nfs-utils deb, and then build and install nfs-utils from
> source?
Yes, that would work.
> Is there anything I can do to further pinpoint the problem before I try
> that?
Not that I know of.
On Sat, Jun 25, 2011 at 11:54:37PM -0000, Brian the Lion wrote:
> Another theory: nslcd is trying to refresh the client's kerberos ticket
> via LDAP. It is failing because, unlike the user principles, the nfs
> principles do not have LDAP entries. Should they? Or is there a way to
> tell the nfs clients to not use LDAP?
I have no idea how this would work... I would say that if nslcd can get
*any* kerberos tickets via LDAP, that's a misconfiguration of the directory,
since that would bypass the Kerberos security model. NFS clients are
certainly not "using LDAP" to get kerberos tickets, anyway.
-- www.debian. org/
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://
<email address hidden> <email address hidden>