Explain NFS access after kdestroy.
author W. Trevor King <wking@drexel.edu>
Thu, 2 Jun 2011 19:06:55 +0000 (15:06 -0400)
committer W. Trevor King <wking@drexel.edu>
Thu, 2 Jun 2011 19:06:55 +0000 (15:06 -0400)
posts/Kerberos.mdwn

index 2b36060b9399e3ab3bccf367cab8ac7afd3aa212..9885c351bc1a06f6bf5d82a6ff18c715ad85abb8 100644 (file)
@@ -283,7 +283,10 @@ Note that if you `kestroy` your key, you can still access the files:
     $ ls /tmp/mnt/
     home
 
-I'm not sure if this is a bug or a feature.
+This is because your credentials have been cached in the client's
+kernel.  On AIX there seems to be an [nfsauthreset][] command to
+manually flush cached GSSAPI information.  Linux support is [waiting
+on a new key ring implementation][keyring].
 
 Other stuff
 -----------
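Review bot: The added paragraph after the `ls /tmp/mnt/` example explains why access survives but stops short of the consequence a reader needs: `kdestroy` alone does not end NFS access from this client, and the text should say that directly rather than leave it implied by "cached in the client's kernel". The sentence shown in the hunk header also still reads `kestroy`; it should be `kdestroy`, matching the commit subject. The hedge "there seems to be" could be dropped, since the `[nfsauthreset]` reference points at the command's own AIX documentation page.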
@@ -325,6 +328,8 @@ any of these.
 [CTS]: http://permalink.gmane.org/gmane.linux.nfs/39963
 [libnfsidmap]: http://www.citi.umich.edu/projects/nfsv4/linux/
 [lr-bug]: http://linux-nfs.org/pipermail/nfsv4/2008-October/009558.html
+[nfsauthreset]: http://publib.boulder.ibm.com/infocenter/aix/v7r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds4/nfsauthreset.htm
+[keyring]: http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
 [ssh]: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm
 [apps]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-user.html#Kerberos%20V5%20Applications
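Review bot: The `[nfsauthreset]` definition added after `[lr-bug]` uses a version-specific infocenter URL (`aix/v7r1` behind an `index.jsp?topic=` query), and `[keyring]` depends on a FAQ fragment (`#krb5_006`); both are fragile link forms. Consider naming the FAQ entry and the AIX release in the prose so the reference still makes sense if either link goes dead.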