2017-07-04

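rpc.gssd - krb5.conf with includedir

I am trying to create an NFS Kerberos configuration using includedir. The context is as follows:

  • The default realm points to TEST.REALM.COM (Hadoop installation)
  • The NAS/NFS realm points to NFS.ANOTHER.REALM.COM

When I put all the realms and domain realms in the krb5.conf file, I can mount my NFS share. When I use the includedir tag, it does not work.

Here is my krb5.conf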

includedir /etc/krb5.conf.d/ 

[logging] 
default = FILE:/var/log/krb5libs.log 
kdc = FILE:/var/log/krb5kdc.log 
admin_server = FILE:/var/log/kadmind.log 

[libdefaults] 
dns_lookup_realm = false 
dns_lookup_kdc = false 
forwardable = true 
allow_weak_crypto = false 

Below is the default Hadoop realm

[libdefaults] 
default_realm = TEST.REALM.COM 

TEST.REALM.COM = { 
    ticket_lifetime = 1d 
    renew_lifetime = 14d 
} 

[realms] 
TEST.REALM.COM = { 
    kdc = admhadoop1.realm.com 
    kdc = admhadoop1.realm.com 
    admin_server = admhadoop1.realm.com 
} 

[domain_realm] 
.realm.com = TEST.REALM.COM 
realm.com = TEST.REALM.COM 

Here is the configuration file containing only the NFS realm configuration

[libdefaults] 
NFS.ANOTHER.REALM.COM = { 
    ticket_lifetime = 14d 
    renew_lifetime = 180d 
} 

[realms] 
NFS.ANOTHER.REALM.COM = { 
    kdc = admnfs1.realm.com 
    kdc = admnfs2.realm.com 
    admin_server = admnfs1.realm.com 
} 

[domain_realm] 
nfs01.realm.com = NFS.ANOTHER.REALM.COM 

/etc/krb5.keytab contains the host, nfs and root entries for the test01 server

With this configuration, when I try to mount a share from nfs01.realm.com, I get this error:

rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a185b0 data 0x7fff55a18480 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16) 
rpc.gssd[7078]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' 
rpc.gssd[7078]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16) 
rpc.gssd[7078]: process_krb5_upcall: service is '<null>' 
rpc.gssd[7078]: Full hostname for 'nfs01.realm.com' is 'nfs01.realm.com' 
rpc.gssd[7078]: Full hostname for 'test01.realm.com' is 'test01.realm.com' 
rpc.gssd[7078]: No key table entry found for [email protected] while getting keytab entry for '[email protected]' 
rpc.gssd[7078]: No key table entry found for root/[email protected] while getting keytab entry for 'root/[email protected] 
rpc.gssd[7078]: No key table entry found for nfs/[email protected] while getting keytab entry for 'nfs/[email protected] 
rpc.gssd[7078]: No key table entry found for host/[email protected] while getting keytab entry for 'host/[email protected] 
rpc.gssd[7078]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host nfs01.realm.com 
rpc.gssd[7078]: ERROR: No credentials found for connection to server nfs01.realm.com 
rpc.gssd[7078]: doing error downcall 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt17 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000 

It looks like the NFS daemon does not work with the includedir tag.

What do you think?

Answer


The problem is that the files in the include directory should have only alphanumeric names (with "-" and "_"), but no "." as in my case.
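
A quick way to spot the naming problem described in the answer, as an added example that is not part of the original post: this shell function lists the files in an includedir directory whose names contain anything other than letters, digits, "-" and "_". The function name and the optional second argument are assumptions of this example; passing 1 also accepts names ending in ".conf", which MIT krb5 includes from release 1.15 on.

```shell
#!/bin/sh
# Added example: report files that a krb5.conf "includedir" directive would
# skip because of their names. Names are only read, never changed.
#
# usage: krb5_includedir_skipped DIR [ALLOW_CONF]
#   ALLOW_CONF=0 (default): only letters, digits, "-" and "_" are accepted,
#                           which is the rule given in the answer.
#   ALLOW_CONF=1:           names ending in ".conf" are accepted as well
#                           (MIT krb5 1.15 and later), unless they start with ".".
# e.g.: krb5_includedir_skipped /etc/krb5.conf.d
krb5_includedir_skipped() (
    # Subshell body: variables stay local and LC_ALL does not leak out.
    LC_ALL=C; export LC_ALL          # byte-wise ranges and stable glob order
    dir=$1
    allow_conf=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }

    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue   # unmatched glob patterns, subdirectories
        name=${path##*/}

        case $name in
            *[!A-Za-z0-9_-]*) ;;     # has a character outside the allowed set
            *) continue ;;           # clean name: the file is included
        esac

        if [ "$allow_conf" = 1 ]; then
            case $name in
                .*) ;;               # leading dot: still skipped
                *.conf) continue ;;  # accepted on 1.15 and later
            esac
        fi

        printf '%s\n' "$name"        # this file would be silently ignored
    done
)
```

An empty result means every file in the directory has a name that includedir accepts; any name printed belongs to a file whose realm definitions never reach rpc.gssd.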