This is probably best discussed on [EMAIL PROTECTED] (http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4)
Enabling verbose output from rpcgssd (-vvv) on the linux client might give a hint to the problem. K.C. On 10/12/06, Keagle, Chuck <[EMAIL PROTECTED]> wrote: > Here is one we would like to figure out how to resolve or work around. > > The KDC is running on AIX Major Release 3. > > Kerberos is used to access data on NFS V3 and NFS v4 file > systems. > > Exported filesystems are also on AIX 3. > > AIX specific Process Group Authentication maps NFS V4 encryption > keys and Kerberos keys together. > > Other AIX systems allow access to NFS V3, NFS V4 unencrypted, > and NFS V4 encrypted data. > > In setting up RedHat RHEL WS 4.3 to access Kerberos controlled data > from the AIX KDC, NFS V3 and NFS V4 unencrypted mounts become > accessible. > > When trying to mount over NFS V4 with encryption, the mount options are: > > rw,hard,intr,proto=tcp,port=xxxx,sec=krb5,noauto 0 0 > Note that the xxxx represents the correct port number. > > When trying to mount a file system from the KDC on RHEL WS 3.4, the > following error appears: > > mount: block device hostname:/filesystem is write-protected, > mounting read-only > mount: cannot mount block device hostname:/filesystem read-only > Note that hostname and filesystem represent other correct but > sensitive information. > > I'm wondering if this is stumbling over that AIX specific Process > Authentication Group issue between Kerberos encryption and NFS V4 > encryption. Is there a way to overcome this? Hopefully just on the > client. If changes have to also be made on KDC, it will be a tough > road. > > Thanks. > > ---- > Not all who wander are lost. > > | ---- ___o | [EMAIL PROTECTED] > Chuck Keagle | ------- \ <, | Work: (425) 865-1488 > Enterprise Servers: HPC | ----- ( )/ ( ) | Cell: (425) 417-3434 > http://card.web.boeing.com/Webcard.cfm?id=73990 > <<Keagle, Chuck.vcf>> > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos