PROBLEM: LXC Container, CIFS and Kerberos isolation issue
rlandley at parallels.com
Fri Feb 4 12:36:20 PST 2011
On 02/04/2011 02:37 AM, Nicolas Bourbaki wrote:
> 2011/2/3 Rob Landley <rlandley at parallels.com>:
>> cc:ing the containers list for tracking purposes...
> I've created an entry in the kernel.org' bugzilla #28122 (I forget
> that this may have been the proper way to do it). Seem's it more
> global than I first thank.
It's nice for tracking purposes, but if you'd put a bug report in there
and hadn't cc'd me, I'd never have seen it.
>> Which presumably explains it. I'll go read that...
> If you have any question in setting it, I may try to help, giving you
> some of our configuration.
Well, it's not quite trivial to set up:
> All servers that are part of a Kerberos authentication realm should
> be assigned a Fully Qualified Domain Name (FQDN) that is both
> forward- and reverse-resolvable.
But apparently I can fake that with /etc/hosts...
I note that installing "krb5-kdc krb5-admin-server" installed bind 9, an
SGML library, and a geoip database. And failed to download 11 packages
until I ran "aptitude update" on the lenny test environment.
Setting up krb5-kdc (1.8.3+dfsg-4) ...
krb5kdc: cannot initialize realm KVM - see log file for details
Setting up krb5-admin-server (1.8.3+dfsg-4) ...
kadmind: No such file or directory while initializing, aborting
Yeah, this is probably going to take a while...
More information about the Containers