PROBLEM: LXC Container, CIFS and Kerberos isolation issue

Rob Landley rlandley at parallels.com
Fri Feb 4 12:36:20 PST 2011


On 02/04/2011 02:37 AM, Nicolas Bourbaki wrote:
> 2011/2/3 Rob Landley <rlandley at parallels.com>:
>> cc:ing the containers list for tracking purposes...
>>
> 
> I've created an entry in the  kernel.org' bugzilla #28122 (I forget
> that this may have been the proper way to do it). Seem's it more
> global than I first thank.

It's nice for tracking purposes, but if you'd put a bug report in there
and hadn't cc'd me, I'd never have seen it.

>>  https://help.ubuntu.com/community/Samba/Kerberos
>>
>> Which presumably explains it.  I'll go read that...
> 
> If you have any question in setting it, I may try to help, giving you
> some of our configuration.

Well, it's not quite trivial to set up:

https://help.ubuntu.com/community/Kerberos

> All servers that are part of a Kerberos authentication realm should
> be assigned a Fully Qualified Domain Name (FQDN) that is both
> forward- and reverse-resolvable.

But apparently I can fake that with /etc/hosts...

I note that installing "krb5-kdc krb5-admin-server" installed bind 9, an
SGML library, and a geoip database.  And failed to download 11 packages
until I ran "aptitude update" on the lenny test environment.

Setting up krb5-kdc (1.8.3+dfsg-4) ...
krb5kdc: cannot initialize realm KVM - see log file for details
Setting up krb5-admin-server (1.8.3+dfsg-4) ...
kadmind: No such file or directory while initializing, aborting

Yeah, this is probably going to take a while...

Rob


More information about the Containers mailing list