kerberos

If you’re familiar with Kerberos, one way to check if a ticket is valid is to run klist command. ❯ klist Ticket cache: FILE:/tmp/krb5cc_1001 Default principal: username@UNIVERSITY.EDU.AU Valid starting Expires Service principal 02/07/21 11:26:50 02/07/21 21:26:50 krbtgt/UNIVERSITY.EDU.AU@UNIVERSITY.EDU.AU renew until 03/07/21 11:26:50 02/07/21 12:24:07 02/07/21 21:26:50 cifs/server1.UNIVERSITY.edu.au@UNIVERSITY.EDU.AU 02/07/21 12:24:07 02/07/21 21:26:50 cifs/server1.UNIVERSITY.edu.au@UNIVERSITY.EDU.AU ❯ date Mon 05 Jul 2021 16:01:59 AEST From the above output, the principal ticket expired since 2 Jul. So how do we find out if the Kerberos (principal) ticket expires programmatically?...

Nothing excites me than being able to solve a problem on Linux just before bed time. Well, there could be other things, but I couldn’t think of any right now. Right now, I’m preparing for my next exam - Red Hat Certified Specialist in Identity Management (EX362), and one of the topics is about setting up automated home directory using IdM (or IPA). I tried to follow the course material, but I had troubles getting it working....

It started with… when I tried to start nfs-kernel-server, it just failed. # /etc/init.d/nfs-kernel-server start Exporting directories for NFS kernel daemon.... Starting NFS kernel daemon: nfsd svcgssd failed! syslogs: Nov 11 23:32:04 nasbox kernel: [ 8106.165582] nfsd: last server has exited, flushing export cache Nov 11 23:32:05 nasbox kernel: [ 8107.240419] svc: failed to register lockdv1 RPC service (errno 97). Nov 11 23:32:05 nasbox kernel: [ 8107.245528] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory Nov 11 23:32:05 nasbox kernel: [ 8107....