Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: Problems with GNOME, autofs, NFSv4 and Kerberos security

  1. September 16th, 2011 #21
    apalacheno
    apalacheno is offline A Carafe of Ubuntu
    Join Date
    Nov 2006
    Beans
    83

    Re: Problems with GNOME, autofs, NFSv4 and Kerberos security

    I spent quite some time on the net looking for useful hints that may point to the root of the problem. The problem is, there are so many different use cases and reasons why these errors appear, it's like the search for the needle in the haystack.

    Alexander, I would like to come back to your offer. Even if you could propably workaround the issue, could you provide the configuration of:

    NFS (server-side):
    /etc/exports
    /etc/fstab
    /etc/default/nfs-kernel-server
    /etc/default/nfs-common
    /etc/idmapd.conf

    NFS (client-side):
    /etc/default/nfs-common
    /etc/idmapd.conf

    Autofs:
    /etc/default/autofs
    /etc/autofs_ldap_auth.conf
    /etc/auto.*
    .ldif data of the autofs LDAP tree

    NSS:
    /etc/nsswitch.conf

    ...these are the most important ones. To get a bigger picture the following would be helpful as well:

    LDAP:
    /etc/ldap.conf
    /etc/ldap/ldap.conf

    Kerberos:
    /etc/krb5.conf

    PAM:
    /etc/pam.d/common-auth
    /etc/pam.d/common-account
    /etc/pam.d/common-session

    Cheers,
    Robert
    Those Who Sacrifice Liberty For Security Deserve Neither. - Benjamin Franklin
    Advanced reply Adv Reply  
  2. September 18th, 2011 #22
    apalacheno
    apalacheno is offline A Carafe of Ubuntu
    Join Date
    Nov 2006
    Beans
    83

    Re: Problems with GNOME, autofs, NFSv4 and Kerberos security

    What I found out so far is that the problem seems not to be with .ICEauthority, but with .ICEauthority-c.

    If the .ICEauthority-c file is missing, I get the error message upon login complaining about a missing .ICEauthority file ('Could not update ICEauthority file /home/<username>/.ICEauthority'), althought the .ICEauthority is present. I can check this before login:

    Code:
    root@example:/home# ls -al user/ | grep ICE
-rw-------  1 user user 3940 2011-09-18 19:36 .ICEauthority
    During login, the .ICEauthority-c file is somehow created automatically, so this file is present after login:

    Code:
    root@example:/home# ls -al user/ | grep ICE
-rw-------  1 user user 3940 2011-09-18 19:36 .ICEauthority
-rw-------  1 user user 3940 2011-09-18 19:36 .ICEauthority-c
    No error message on the next login. But this time, the .ICEauthority-c file gets somehow removed again during login:

    Code:
    root@example:/home# ls -al user/ | grep ICE
-rw-------  1 user user 3940 2011-09-18 19:36 .ICEauthority
    The error message appears again on the subsequent login. This game can be repeated infinitely.

    So, here's another solution:

    Open /home/<user>/.gnomerc and paste the following line:

    Code:
    touch .ICEauthority-c
    Save the file and you should be good. This will create an .ICEauthority-c file just in time upon login, so the error isn't triggered. Interestingly enough, this file gets removed again during the login process. But it does the trick nevertheless.

    Could somebody confirm if this solution is working on his/her system?

    Cheers,
    Robert
    Those Who Sacrifice Liberty For Security Deserve Neither. - Benjamin Franklin
    Advanced reply Adv Reply  
Page 3 of 3 FirstFirst 123
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct