[SOLVED] nfsv4+krb5

Hello!

I can't get the nfsv4+kerberos combination to work.
The server (arctur) and the client (trya) both run mit-krb5-1.8.3.
This was my first time setting up kerberos, following the manual from the official site; it seems to work (it hands out tickets).
Kerberos has the principal: nfs/trya
Its credential is stored on the client in /etc/krb5.keytab

When I try to mount

$ mount -t nfs4 -o sec=krb5 arctur.home:/ /mnt/nfs

I get the following in the logs:

Feb 23 22:09:49 trya rpc.gssd[3864]: Full hostname for 'arctur' is 'arctur'
Feb 23 22:09:49 trya rpc.gssd[3864]: Full hostname for 'trya' is 'trya'
Feb 23 22:09:49 trya rpc.gssd[3864]: Key table entry not found while getting keytab entry for 'root/trya@'
Feb 23 22:09:49 trya rpc.gssd[3864]: Success getting keytab entry for 'nfs/trya@'
Feb 23 22:09:49 trya rpc.gssd[3864]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_HOME' are good until 1298524143
Feb 23 22:09:49 trya rpc.gssd[3864]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_HOME' are good until 1298524143
Feb 23 22:09:49 trya rpc.gssd[3864]: using FILE:/tmp/krb5cc_machine_HOME as credentials cache for machine creds
Feb 23 22:09:49 trya rpc.gssd[3864]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_HOME
Feb 23 22:09:49 trya rpc.gssd[3864]: creating context using fsuid 0 (save_uid 0)
Feb 23 22:09:49 trya rpc.gssd[3864]: creating tcp client for server arctur
Feb 23 22:09:49 trya rpc.gssd[3864]: DEBUG: port already set to 2049
Feb 23 22:09:49 trya rpc.gssd[3864]: creating context with server nfs@arctur
Feb 23 22:09:49 trya rpc.gssd[3864]: in authgss_create_default()
Feb 23 22:09:49 trya rpc.gssd[3864]: in authgss_create()
Feb 23 22:09:49 trya rpc.gssd[3864]: authgss_create: name is 0x16e2a90
Feb 23 22:09:49 trya rpc.gssd[3864]: authgss_create: gd->name is 0x16e2660
Feb 23 22:09:49 trya rpc.gssd[3864]: in authgss_refresh()
Feb 23 22:09:49 trya rpc.gssd[3864]: struct rpc_gss_sec:
Feb 23 22:09:49 trya rpc.gssd[3864]:      mechanism_OID: { 1 2 134 72 134 247 18 1 2 2 }
Feb 23 22:09:49 trya rpc.gssd[3864]:      qop: 0
Feb 23 22:09:49 trya rpc.gssd[3864]:      service: 1
Feb 23 22:09:49 trya rpc.gssd[3864]:      cred: 0x16e45d0
Feb 23 22:09:49 trya rpc.gssd[3864]:      req_flags: 00000002
Feb 23 22:09:49 trya rpc.gssd[3864]: in authgss_marshal()
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_buf: encode success ((nil):0)
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_cred: encode success (v 1, proc 1, seq 0, svc 1, ctx (nil):0)
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_buf: encode success (0x16ec0e0:534)
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_init_args: encode success (token 0x16ec0e0:534)
Feb 23 22:09:49 trya rpc.gssd[3864]: in authgss_validate()
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_buf: decode success ((nil):0)
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_buf: decode success ((nil):0)
Feb 23 22:09:49 trya rpc.gssd[3864]: xdr_rpc_gss_init_res decode success (ctx (nil):0, maj 851968, min -1765328240, win 128, token (nil):0)
Feb 23 22:09:49 trya rpc.gssd[3864]: authgss_create_default: freeing name 0x16e2a90
Feb 23 22:09:49 trya rpc.gssd[3864]: WARNING: Failed to create krb5 context for user with uid 0 for server arctur
Feb 23 22:09:49 trya rpc.gssd[3864]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_HOME for server arctur
Feb 23 22:09:49 trya rpc.gssd[3864]: WARNING: Failed to create machine krb5 context with any credentials cache for server arctur
Feb 23 22:09:49 trya rpc.gssd[3864]: doing error downcall
Feb 23 22:09:49 trya rpc.gssd[3864]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt55

Meanwhile, on the server:

Feb 23 22:14:59 [rpc.svcgssd] leaving poll
Feb 23 22:14:59 [rpc.svcgssd] handling null request
Feb 23 22:14:59 [rpc.svcgssd] WARNING: gss_accept_sec_context failed
Feb 23 22:14:59 [rpc.svcgssd] ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): Unspecified GSS failure.  Minor code may provide more information - Wrong principal in request
Feb 23 22:14:59 [rpc.svcgssd] sending null reply
Feb 23 22:14:59 [rpc.svcgssd] writing message: \x 2147483647 851968 2529639056 \x \x
Feb 23 22:14:59 [rpc.svcgssd] finished handling null request
Feb 23 22:14:59 [rpc.svcgssd] entering poll

And in the kdc logs:

Feb 23 22:14:49 arctur krb5kdc[7130](info): TGS_REQ (3 etypes {1 3 2}) 192.168.1.252: ISSUE: authtime 1298488469, etypes {rep=18 tkt=18 ses=1}, nfs/trya@HOME for nfs/arctur@HOME
Feb 23 22:14:49 arctur krb5kdc[7130](info): TGS_REQ (3 etypes {1 3 2}) 192.168.1.252: ISSUE: authtime 1298488469, etypes {rep=18 tkt=18 ses=1}, nfs/trya@HOME for nfs/arctur@HOME

What does the error Wrong principal in request mean, and how do I find out which principal it should be?

Thanks

Figured it out. The whole problem was an incorrect keytab file on the server and the correct FQDN entry in /etc/hosts
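An added diagnostic for the mismatch described in this thread (it is not code from the thread): rpc.gssd derives the server principal from the canonical name the resolver returns ("Full hostname for 'arctur' is 'arctur'" above), so a bare name in /etc/hosts makes the client request nfs/arctur@HOME while a keytab cut for nfs/arctur.home@HOME produces "Wrong principal in request" on the server. The realm HOME and the hostnames are taken from the thread; the klist output is a constructed sample.

```shell
#!/bin/sh
# Check whether the server keytab contains the principal the NFS client will ask for.
# Added example, not from the thread. Assumes MIT `klist -k` output format.

# Constructed sample of `klist -k` as it would look on the server arctur.
SAMPLE_KEYTAB_LISTING='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/arctur.home@HOME
   2 nfs/arctur.home@HOME'

# expected_principal SERVICE CANONICAL_HOST REALM
# Prints the principal rpc.gssd will request for this host: SERVICE/HOST@REALM.
expected_principal() {
    printf '%s/%s@%s\n' "$1" "$2" "$3"
}

# keytab_has_principal PRINCIPAL LISTING
# Returns 0 if a keytab entry line ("KVNO principal") names PRINCIPAL, else 1.
keytab_has_principal() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /^ *[0-9]+ / { if ($2 == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_server_keytab CANONICAL_HOST REALM LISTING
# Returns 0 when the keytab holds nfs/CANONICAL_HOST@REALM, 1 on a mismatch.
check_server_keytab() {
    want=$(expected_principal nfs "$1" "$2")
    if keytab_has_principal "$want" "$3"; then
        echo "OK: keytab has $want"
        return 0
    fi
    echo "MISMATCH: client will request $want but the keytab lacks it" >&2
    return 1
}

# Live use on the server (not executed here):
#   check_server_keytab "$(hostname -f)" HOME "$(klist -k)"
```

If `hostname -f` prints the bare name, fix /etc/hosts (or DNS) so the canonical name is the FQDN, then make sure the keytab entry matches it.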
