From 9196ea2813c2d08343fe0780996b5dfcd765b0d8 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 2 Jun 2011 15:06:55 -0400 Subject: [PATCH] Explain NFS access after kdestroy. --- posts/Kerberos.mdwn | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/posts/Kerberos.mdwn b/posts/Kerberos.mdwn index 2b36060..9885c35 100644 --- a/posts/Kerberos.mdwn +++ b/posts/Kerberos.mdwn @@ -283,7 +283,10 @@ Note that if you `kestroy` your key, you can still access the files: $ ls /tmp/mnt/ home -I'm not sure if this is a bug or a feature. +This is because your credentials have been cached in the client's +kernel. On AIX there seems to be an [nfsauthreset][] command to +manually flush cached GSSAPI information. Linux support is [waiting +on a new key ring implementation][keyring]. Other stuff ----------- @@ -325,6 +328,8 @@ any of these. [CTS]: http://permalink.gmane.org/gmane.linux.nfs/39963 [libnfsidmap]: http://www.citi.umich.edu/projects/nfsv4/linux/ [lr-bug]: http://linux-nfs.org/pipermail/nfsv4/2008-October/009558.html +[nfsauthreset]: http://publib.boulder.ibm.com/infocenter/aix/v7r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds4/nfsauthreset.htm +[keyring]: http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006 [ssh]: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm [apps]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-user.html#Kerberos%20V5%20Applications -- 2.26.2