Caerostris/cat etc-fstab Secret

## cat etc-fstab
root@AGON:~# cat /etc/fstab
# /etc/fstab: static file system information.
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# (...)
eos:/           /mnt/eos        nfs4    sec=krb5,user           0       0

## klist -k etc-krb5.keytab
root@AGON:~# #this is the client
root@AGON:~# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   9 nfs/agon@MYREALM.TLD
   9 nfs/agon@MYREALM.TLD
   9 nfs/agon@MYREALM.TLD
   9 nfs/agon@MYREALM.TLD


root@EOS:~# #this is the server
root@EOS:~# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 nfs/eos@MYREALM.TLD
   3 nfs/eos@MYREALM.TLD
   3 nfs/eos@MYREALM.TLD
   3 nfs/eos@MYREALM.TLD

## klist and mount error
caerostris@AGON:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: caerostris@MYREALM.TLD

Valid starting       Expires              Service principal
01.05.2013 20:32:10  02.05.2013 06:32:10  krbtgt/MYREALM.TLD@MYREALM.TLD
        renew until 02.05.2013 20:32:04


caerostris@AGON:~$ mount /mnt/eos -vvv
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        1000
mount: eUID:       0
mount: spec:  "eos:/"
mount: node:  "/mnt/eos"
mount: types: "nfs4"
mount: opts:  "sec=krb5,user"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "eos:/"
mount: external mount: argv[2] = "/mnt/eos"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,noexec,nosuid,nodev,user,sec=krb5"
mount.nfs4: timeout set for Wed May  1 22:37:48 2013
mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.0.8,clientaddr=192.168.0.6'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting eos:/

## klist tmp-krb5cc_machine_MYREALM.TLD
root@AGON:~# klist /tmp/krb5cc_machine_MYREALM.TLD
Ticket cache: FILE:/tmp/krb5cc_machine_MYREALM.TLD
Default principal: nfs/agon@MYREALM.TLD

Valid starting       Expires              Service principal
01.05.2013 21:15:13  02.05.2013 07:15:13  krbtgt/MYREALM.TLD@MYREALM.TLD
        renew until 02.05.2013 21:15:13
01.05.2013 21:15:14  02.05.2013 07:15:13  nfs/eos@
        renew until 02.05.2013 21:15:13
01.05.2013 21:15:14  02.05.2013 07:15:13  nfs/eos@MYREALM.TLD
        renew until 02.05.2013 21:15:13

## syslog
root@AGON:~# cat /var/log/syslog
May  1 21:53:47 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
May  1 21:53:47 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
May  1 21:53:47 AGON rpc.gssd[4035]: handling gssd upcall (/run/rpc_pipefs/nfs/clnt27)
May  1 21:53:47 AGON rpc.gssd[4035]: handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
May  1 21:53:47 AGON rpc.gssd[4035]: handling krb5 upcall (/run/rpc_pipefs/nfs/clnt27)
May  1 21:53:47 AGON rpc.gssd[4035]: process_krb5_upcall: service is '*'
May  1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'eos' is 'eos'
May  1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'agon' is 'agon'
May  1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for AGON$@MYREALM.TLD while getting keytab entry for 'AGON$@'
May  1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for root/agon@MYREALM.TLD while getting keytab entry for 'root/agon@'
May  1 21:53:47 AGON rpc.gssd[4035]: Success getting keytab entry for 'nfs/agon@'
May  1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
May  1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
May  1 21:53:47 AGON rpc.gssd[4035]: using FILE:/tmp/krb5cc_machine_MYREALM.TLD as credentials cache for machine creds
May  1 21:53:47 AGON rpc.gssd[4035]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM.TLD
May  1 21:53:47 AGON rpc.gssd[4035]: creating context using fsuid 0 (save_uid 0)
May  1 21:53:47 AGON rpc.gssd[4035]: creating tcp client for server eos
May  1 21:53:47 AGON rpc.gssd[4035]: DEBUG: port already set to 2049
May  1 21:53:47 AGON rpc.gssd[4035]: creating context with server nfs@eos
May  1 21:53:47 AGON rpc.gssd[4035]: WARNING: Failed to create krb5 context for user with uid 0 for server eos
May  1 21:53:47 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM.TLD for server eos
May  1 21:53:47 AGON rpc.gssd[4035]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server eos
May  1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'eos' is 'eos'
May  1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'agon' is 'agon'
May  1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for AGON$@MYREALM.TLD while getting keytab entry for 'AGON$@'
May  1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for root/agon@MYREALM.TLD while getting keytab entry for 'root/agon@'
May  1 21:53:47 AGON rpc.gssd[4035]: Success getting keytab entry for 'nfs/agon@'
May  1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
May  1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
May  1 21:53:47 AGON rpc.gssd[4035]: using FILE:/tmp/krb5cc_machine_MYREALM.TLD as credentials cache for machine creds
May  1 21:53:47 AGON rpc.gssd[4035]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM.TLD
May  1 21:53:47 AGON rpc.gssd[4035]: creating context using fsuid 0 (save_uid 0)
May  1 21:53:47 AGON rpc.gssd[4035]: creating tcp client for server eos
May  1 21:53:47 AGON rpc.gssd[4035]: DEBUG: port already set to 2049
May  1 21:53:47 AGON rpc.gssd[4035]: creating context with server nfs@eos
May  1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create krb5 context for user with uid 0 for server eos
May  1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM.TLD for server eos
May  1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with any credentials cache for server eos
May  1 21:53:48 AGON rpc.gssd[4035]: doing error downcall
May  1 21:53:49 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
May  1 21:53:49  rpc.gssd[4035]: last message repeated 4 times
May  1 21:53:49 AGON rpc.gssd[4035]: destroying client /run/rpc_pipefs/nfs/clnt27
	root@AGON:~# cat /etc/fstab
	# /etc/fstab: static file system information.
	# <file system> <mount point> <type> <options> <dump> <pass>
	# (...)
	eos:/ /mnt/eos nfs4 sec=krb5,user 0 0
	root@AGON:~# #this is the client
	root@AGON:~# klist -k /etc/krb5.keytab
	Keytab name: FILE:/etc/krb5.keytab
	KVNO Principal
	---- --------------------------------------------------------------------------
	9 nfs/agon@MYREALM.TLD
	9 nfs/agon@MYREALM.TLD
	9 nfs/agon@MYREALM.TLD
	9 nfs/agon@MYREALM.TLD



	root@EOS:~# #this is the server
	root@EOS:~# klist -k /etc/krb5.keytab
	Keytab name: FILE:/etc/krb5.keytab
	KVNO Principal
	---- --------------------------------------------------------------------------
	3 nfs/eos@MYREALM.TLD
	3 nfs/eos@MYREALM.TLD
	3 nfs/eos@MYREALM.TLD
	3 nfs/eos@MYREALM.TLD
	caerostris@AGON:~$ klist
	Ticket cache: FILE:/tmp/krb5cc_1000
	Default principal: caerostris@MYREALM.TLD

	Valid starting Expires Service principal
	01.05.2013 20:32:10 02.05.2013 06:32:10 krbtgt/MYREALM.TLD@MYREALM.TLD
	renew until 02.05.2013 20:32:04


	caerostris@AGON:~$ mount /mnt/eos -vvv
	mount: fstab path: "/etc/fstab"
	mount: mtab path: "/etc/mtab"
	mount: lock path: "/etc/mtab~"
	mount: temp path: "/etc/mtab.tmp"
	mount: UID: 1000
	mount: eUID: 0
	mount: spec: "eos:/"
	mount: node: "/mnt/eos"
	mount: types: "nfs4"
	mount: opts: "sec=krb5,user"
	mount: external mount: argv[0] = "/sbin/mount.nfs4"
	mount: external mount: argv[1] = "eos:/"
	mount: external mount: argv[2] = "/mnt/eos"
	mount: external mount: argv[3] = "-v"
	mount: external mount: argv[4] = "-o"
	mount: external mount: argv[5] = "rw,noexec,nosuid,nodev,user,sec=krb5"
	mount.nfs4: timeout set for Wed May 1 22:37:48 2013
	mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.0.8,clientaddr=192.168.0.6'
	mount.nfs4: mount(2): Permission denied
	mount.nfs4: access denied by server while mounting eos:/
	root@AGON:~# klist /tmp/krb5cc_machine_MYREALM.TLD
	Ticket cache: FILE:/tmp/krb5cc_machine_MYREALM.TLD
	Default principal: nfs/agon@MYREALM.TLD

	Valid starting Expires Service principal
	01.05.2013 21:15:13 02.05.2013 07:15:13 krbtgt/MYREALM.TLD@MYREALM.TLD
	renew until 02.05.2013 21:15:13
	01.05.2013 21:15:14 02.05.2013 07:15:13 nfs/eos@
	renew until 02.05.2013 21:15:13
	01.05.2013 21:15:14 02.05.2013 07:15:13 nfs/eos@MYREALM.TLD
	renew until 02.05.2013 21:15:13
	root@AGON:~# cat /var/log/syslog
	May 1 21:53:47 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
	May 1 21:53:47 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
	May 1 21:53:47 AGON rpc.gssd[4035]: handling gssd upcall (/run/rpc_pipefs/nfs/clnt27)
	May 1 21:53:47 AGON rpc.gssd[4035]: handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
	May 1 21:53:47 AGON rpc.gssd[4035]: handling krb5 upcall (/run/rpc_pipefs/nfs/clnt27)
	May 1 21:53:47 AGON rpc.gssd[4035]: process_krb5_upcall: service is '*'
	May 1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'eos' is 'eos'
	May 1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'agon' is 'agon'
	May 1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for AGON$@MYREALM.TLD while getting keytab entry for 'AGON$@'
	May 1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for root/agon@MYREALM.TLD while getting keytab entry for 'root/agon@'
	May 1 21:53:47 AGON rpc.gssd[4035]: Success getting keytab entry for 'nfs/agon@'
	May 1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
	May 1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
	May 1 21:53:47 AGON rpc.gssd[4035]: using FILE:/tmp/krb5cc_machine_MYREALM.TLD as credentials cache for machine creds
	May 1 21:53:47 AGON rpc.gssd[4035]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM.TLD
	May 1 21:53:47 AGON rpc.gssd[4035]: creating context using fsuid 0 (save_uid 0)
	May 1 21:53:47 AGON rpc.gssd[4035]: creating tcp client for server eos
	May 1 21:53:47 AGON rpc.gssd[4035]: DEBUG: port already set to 2049
	May 1 21:53:47 AGON rpc.gssd[4035]: creating context with server nfs@eos
	May 1 21:53:47 AGON rpc.gssd[4035]: WARNING: Failed to create krb5 context for user with uid 0 for server eos
	May 1 21:53:47 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM.TLD for server eos
	May 1 21:53:47 AGON rpc.gssd[4035]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server eos
	May 1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'eos' is 'eos'
	May 1 21:53:47 AGON rpc.gssd[4035]: Full hostname for 'agon' is 'agon'
	May 1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for AGON$@MYREALM.TLD while getting keytab entry for 'AGON$@'
	May 1 21:53:47 AGON rpc.gssd[4035]: No key table entry found for root/agon@MYREALM.TLD while getting keytab entry for 'root/agon@'
	May 1 21:53:47 AGON rpc.gssd[4035]: Success getting keytab entry for 'nfs/agon@'
	May 1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
	May 1 21:53:47 AGON rpc.gssd[4035]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM.TLD' are good until 1367471713
	May 1 21:53:47 AGON rpc.gssd[4035]: using FILE:/tmp/krb5cc_machine_MYREALM.TLD as credentials cache for machine creds
	May 1 21:53:47 AGON rpc.gssd[4035]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM.TLD
	May 1 21:53:47 AGON rpc.gssd[4035]: creating context using fsuid 0 (save_uid 0)
	May 1 21:53:47 AGON rpc.gssd[4035]: creating tcp client for server eos
	May 1 21:53:47 AGON rpc.gssd[4035]: DEBUG: port already set to 2049
	May 1 21:53:47 AGON rpc.gssd[4035]: creating context with server nfs@eos
	May 1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create krb5 context for user with uid 0 for server eos
	May 1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM.TLD for server eos
	May 1 21:53:48 AGON rpc.gssd[4035]: WARNING: Failed to create machine krb5 context with any credentials cache for server eos
	May 1 21:53:48 AGON rpc.gssd[4035]: doing error downcall
	May 1 21:53:49 AGON rpc.gssd[4035]: dir_notify_handler: sig 37 si 0x7fff163ecc70 data 0x7fff163ecb40
	May 1 21:53:49 rpc.gssd[4035]: last message repeated 4 times
	May 1 21:53:49 AGON rpc.gssd[4035]: destroying client /run/rpc_pipefs/nfs/clnt27