Mention RPCSEC_GSS_KRB5 in Kerberos post.

[blog.git] / posts / Kerberos.mdwn

diff --git a/posts/Kerberos.mdwn b/posts/Kerberos.mdwn
index a06f294b555ab35efa640fa437cc293bc2530769..a8d4dc74a9c9c880fd25148c81c728bcab977e8c 100644 (file)
--- a/posts/Kerberos.mdwn
+++ b/posts/Kerberos.mdwn
@@ -230,6 +230,12 @@ Add it to your default runlevel with:
 Setup the NFS client
 --------------------
 
+In order to use private (`sec=krb5p`) mounts, you'll need to enable
+[RPCSEC_GSS_KRB5][].  Without it, [you'll get error
+messages][gss_error] such as
+
+    gss_create: Pseudoflavor 390005 not found!
+
 You'll also need `nfs-utils` here
 
     # USE="kerberos" emerge -av nfs-utils
@@ -323,6 +329,8 @@ user access to the NFS-mounted music as the `nobody` principal.
 [acl]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-install.html#Add%20Administrators%20to%20the%20Acl%20File
 [principal]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-admin.html#Adding%20or%20Modifying%20Principals
 [keytab]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-install.html#Create%20a%20kadmind%20Keytab%20%28optional%29
+[RPCSEC_GSS_KRB5]: http://www.kernel.org/doc/menuconfig/net-sunrpc-Kconfig.html
+[gss_error]: http://osdir.com/ml/linux.nfsv4/2006-01/msg00014.html
 [nfs-tut1]: http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos
 [nfs-tut2]: http://bernard.nexusinternational.jp/2008/03/nfs-and-kerberos-bernie-howto.html
 [nfs-tut3]: http://www.techrepublic.com/blog/opensource/kerberos-authentication-with-nfsv4/1965