[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: SV: pkinit and nfs
From: "Douglas E. Engert" <deengert () anl ! gov>
Date: 2011-10-17 18:39:02
Message-ID: 4E9C7646.9080806 () anl ! gov
[Download RAW message or body]
On 10/17/2011 3:21 AM, Martinsson Patrik wrote:
> Well yes, however if you add
> pkinit_identities = PKCS11:path-to-smartcardlib
> to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault.
Do you have the core file from this (or from the kinit failure) or can you
force a core file, then get a stack trace?
Does this fail with other PKCS#11 libraries Can you try with opensc-pkcs11.so?
Can you do an ldd command on the libiidp11.so and on kinit or tpc.gssd
to see what other libs each needs?
This could be a linking problem with libiidp11.so, where is ends up using the wrong
version of some lib used by kinit.
>
> In my world that means that rpc.gssd reads the pkinit-option in some way, but I'm \
> not sure.
> Best regards,
> Patrik Martinsson, Sweden.
>
>
>
>
>
> Från: Frank Cusack [mailto:frank@tenpedal.com]
> Skickat: den 14 oktober 2011 20:04
> Till: Martinsson Patrik
> Kopia: kerberos@mit.edu
> Ämne: Re: pkinit and nfs
>
> On Fri, Oct 14, 2011 at 1:56 AM, Martinsson \
> Patrik<patrik.martinsson@smhi.se<mailto:patrik.martinsson@smhi.se>> wrote: How do \
> I setup krb5.conf to get nfs not use pkinit, whilst when for example doing a \
> regular "kinit" pkinit should be used.
> "nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab.
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic