Hi,
When booting the 6.1.82 kernel on an EL9 system, the gssproxy daemon
started to consume a lot of cpu, and clients using krb5 NFS could no
longer connect. When comparing the kernel config between these two
kernels, it seemed like the following config items were not set in the
6.1 kernel:
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2=y
I'm not 100% sure, but I assume this is why the clients can no longer
connect.
Looking at the net/sunrpc/Kconfig file, these entries don't exist yet in
the 6.1 series, but according to
https://www.kernelconfig.io/config_rpcsec_gss_krb5_enctypes_aes_sha2?q=&kernelversion=4.19.310&arch=x86
they do exist in some older long-term kernels?
Looking at CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2, it seems it exists
for 4.19.310, 5.4.272, 5.15.152, but not for 5.10.213 or 6.1.82.
I assume it was backported to some older kernels, but not 6.1? Would it
be possible to backport these config items to the 6.1 series?
Regards,
Rik
--
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>
