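I am trying to create an NFS Kerberos configuration using includedir. The context is as follows:
When I put the realms and domain realms in the krb5.conf file, I can mount my NFS share. When I use the includedir directive, it does not seem to work.
This is my krb5.conf: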
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
allow_weak_crypto = false
This is the configuration file for the default hadoop realm:
[libdefaults]
default_realm = TEST.REALM.COM
TEST.REALM.COM = {
ticket_lifetime = 1d
renew_lifetime = 14d
}
[realms]
TEST.REALM.COM = {
kdc = admhadoop1.realm.com
kdc = admhadoop1.realm.com
admin_server = admhadoop1.realm.com
}
[domain_realm]
.realm.com = TEST.REALM.COM
realm.com = TEST.REALM.COM
This is the configuration for the nfs realm:
[libdefaults]
NFS.ANOTHER.REALM.COM = {
ticket_lifetime = 14d
renew_lifetime = 180d
}
[realms]
NFS.ANOTHER.REALM.COM = {
kdc = admnfs1.realm.com
kdc = admnfs2.realm.com
admin_server = admnfs1.realm.com
}
[domain_realm]
nfs01.realm.com = NFS.ANOTHER.REALM.COM
/etc/krb5.keytab contains only the users host, nfs and root for the test01 server.
When I try to mount the share from nfs01.realm.com with this configuration, I get this kind of error:
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a185b0 data 0x7fff55a18480
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16)
rpc.gssd[7078]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[7078]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16)
rpc.gssd[7078]: process_krb5_upcall: service is '<null>'
rpc.gssd[7078]: Full hostname for 'nfs01.realm.com' is 'nfs01.realm.com'
rpc.gssd[7078]: Full hostname for 'test01.realm.com' is 'test01.realm.com'
rpc.gssd[7078]: No key table entry found for TEST01$@TEST.REALM.COM while getting keytab entry for 'TEST01$@TEST.REALM.COM'
rpc.gssd[7078]: No key table entry found for root/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'root/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: No key table entry found for nfs/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'nfs/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: No key table entry found for host/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'host/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host nfs01.realm.com
rpc.gssd[7078]: ERROR: No credentials found for connection to server nfs01.realm.com
rpc.gssd[7078]: doing error downcall
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt17
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
It looks like the nfs daemon does not work with the includedir directive.
What do you think?
Answer 0 (score: 0)
The problem was that the files in the included directory should have only alphanumeric names (plus "-" and "_"), but no "." as in my case.
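
A check for the naming rule described in the answer above, as an added example that is not part of the original post: it lists the files in an includedir directory whose names would cause them to be ignored. The function names and the optional allow_conf switch are assumptions of this example; the switch reflects that MIT krb5 1.15 and later also read names ending in ".conf".

```shell
#!/bin/sh
# Added example (not from the original post): find files in a krb5
# includedir directory that are ignored because of their names.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges byte-exact

# krb5_name_ok NAME [allow_conf]
# Returns 0 when NAME consists solely of alphanumerics, "-" and "_".
# With allow_conf=1, names ending in ".conf" that do not start with "."
# are accepted as well (behaviour of MIT krb5 1.15 and later).
krb5_name_ok() {
    name=$1
    allow_conf=${2:-0}
    [ -n "$name" ] || return 1
    if [ "$allow_conf" = 1 ]; then
        case $name in
            .*)     return 1 ;;
            *.conf) return 0 ;;
        esac
    fi
    case $name in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# krb5_skipped_files DIR [allow_conf]
# Prints, one per line, each regular file in DIR that includedir skips.
krb5_skipped_files() {
    dir=$1
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue          # also skips unmatched globs
        base=${path##*/}
        krb5_name_ok "$base" "${2:-0}" || printf '%s\n' "$base"
    done
}

# When run with arguments: krb5_skipped_files DIR [allow_conf]
[ $# -eq 0 ] || krb5_skipped_files "$@"
```

Running it as `sh check.sh /etc/krb5.conf.d` (script name assumed) prints nothing when every file in the directory will be read.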