On Thu, Jul 14, 2011 at 09:13:41AM +0200, Tigran Mkrtchyan wrote: > On 07/14/2011 12:59 AM, J. Bruce Fields wrote: > >On Fedora 15 I'm seeing odd krb5 behavior: the context initialization > >appears to work fine, but then gssd sends a malformed RPCSEC_GSS_DESTROY > >packet just before closing the connection. The client's first operation > >to the server using the context is rejected because the server's mic > >verification fails. > > > >Has anyone else seen this? > > I have reported the same issue couple of weeks ago > > http://www.spinics.net/lists/linux-nfs/msg22142.html I thought it looked familiar.... > I use suse 11.4 x86_64 and can reproduce it with native kernel > 2.6.37.xxx and 3.0.0-rc5. > > To me it looks like that in rpc packet missing verifier. Yes. > Nevertheless > the message length is up to verifier. What I failed to find out it > the message length did not take verifier in the account or verifier > is missing in the first place. I was looking the the kernel code, > but may be problem is in gssd. I don't know which part of gss > handling in user space and which part is in the kernel. It's gssd that handles the init_sec_context, and (what I didn't notice before) you can see that the destroy rpc goes over the same tcp connection as the init_sec_context exchange. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
