One of our users is struggling with multiple kerberos ticket caches impacting access to NFS sec=krb5 mounts. Because home directories are NFS mounted, we use GSSAPI auth to forward a ticket. But then we need to kinit to have a long-term renewable ticket. But we seem to be seeing that new ssh connections which create a new ticket cache break access to the NFS mounts, resulting in "permission denied" or "Stale file handle" messages. Switching back to a renewable ticket cache seems to resolve the issue. Any suggestions? Is this expected? I would have thought that the nfs access would work with any valid ticket. NAME="AlmaLinux" VERSION="8.10 (Cerulean Leopard)" nfs-utils-2.3.3-59.el8.x86_64 4.18.0-553.50.1.el8_10.x86_64 -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
