Re: Problem with krb5 authentification, server under a NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 22, 2008 at 06:19:09PM +0200, Quentin Godfroy wrote:
> Hi,
> 
> I have a problem with krb5 authentification and nfsv4:
> 
> basically the server is behind a NAT which over I do not have much control.
> To mount exported partitions I use socat on the NAT and redirect some TCP port
> (actually 2050 because 2049 is firewalled) to the port 2049 on the server. I
> can successfuly mount with auth=sys,port=2050, but I am unable to mount with
> kerberos authentification. The problem seems to lie within rpc.gssd which does
> not care for the port setting and tries to contact the server on port 2049.
> 
> I suppose the same could happen with nfsv{2,3} (provided the mountd port is
> redirected as well)
> 
> Is this a problem you were aware of?
> 
> I suppose fixing it may require a change in the callback between the kernel
> and rpc.gssd?

What kernel are you on?  As of 2.6.24 (more specifically:

	bf19aacecbeebccb2c3d150a8bd9416b7dba81fe "nfs: add server port
	to rpc_pipe info file"

the kernel does give gssd the information it needs to figure out which
port the server is on.

Looks to me like gssd doesn't yet use that yet, though.  Olga, did you
have a patch to make gssd read the "port:" line from the info file?

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux