Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Key has expired - NFS + krb5 + autofs + sssd
777 views
Skip to first unread message
Thomas Beaudry
Sep 30, 2016, 10:50:54 AM9/30/16
to kerb...@mit.edu
Hi,
I mount a NFS share (windows file server) with autofs and sssd on my ubuntu 16.04 server that I connect to via ssh. Where I run into a problem is when i leave my ssh session on over night and come back in the morning I get a "key has expired" error when I try and access it. The only thing that fixes it is if, i close my ssh session and create a new one. I have tried using krenew (or the built in sssd ticket renewel) but it doesn't fix the problem. I even wrote a simple script that creates a new ticket every hour i.e. :
kinit ${user} -kt /usr/krb5/keytabs/.${user}.keytab
and it does in fact generate a new ticket every hour. This morning I did a klist, I saw that I had a new valid ticket but still couldn't access the NFS share this morning.
Any ideas or suggestions in debuging this would be a great help since I have spent days trying to find a solution.
Thanks!
Thomas
I mount a NFS share (windows file server) with autofs and sssd on my ubuntu 16.04 server that I connect to via ssh. Where I run into a problem is when i leave my ssh session on over night and come back in the morning I get a "key has expired" error when I try and access it. The only thing that fixes it is if, i close my ssh session and create a new one. I have tried using krenew (or the built in sssd ticket renewel) but it doesn't fix the problem. I even wrote a simple script that creates a new ticket every hour i.e. :
kinit ${user} -kt /usr/krb5/keytabs/.${user}.keytab
and it does in fact generate a new ticket every hour. This morning I did a klist, I saw that I had a new valid ticket but still couldn't access the NFS share this morning.
Any ideas or suggestions in debuging this would be a great help since I have spent days trying to find a solution.
Thanks!
Thomas
Thomas Beaudry
Sep 30, 2016, 2:01:57 PM9/30/16
to kerb...@mit.edu
Hi again,
I've figured out that it has nothing to do with leaving the session on over night. I changed the ticket life to 10 minutes, and even if i have a new key i am denied access once the original one expires...
Any help would be great!
Thomas
________________________________________
From: kerberos...@mit.edu <kerberos...@mit.edu> on behalf of Thomas Beaudry <thomas....@concordia.ca>
Sent: Friday, September 30, 2016 10:50 AM
To: kerb...@mit.edu
Subject: Key has expired - NFS + krb5 + autofs + sssd
________________________________________________
Kerberos mailing list Kerb...@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
I've figured out that it has nothing to do with leaving the session on over night. I changed the ticket life to 10 minutes, and even if i have a new key i am denied access once the original one expires...
Any help would be great!
Thomas
________________________________________
From: kerberos...@mit.edu <kerberos...@mit.edu> on behalf of Thomas Beaudry <thomas....@concordia.ca>
Sent: Friday, September 30, 2016 10:50 AM
To: kerb...@mit.edu
Subject: Key has expired - NFS + krb5 + autofs + sssd
Kerberos mailing list Kerb...@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
0 new messages