Re: Kernels 3.7 and newer break rpc.gssd -n

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Feb 18, 2013, at 3:23 AM, Veli-Matti Lintu <veli-matti.lintu@xxxxxxxxxx> wrote:

>>> Yes. With commit 05f4c350 + the compilation fix, the problem occurs, but
>>> without
>>> 05f4c350, the parent (6f2ea7f) works as expected, requesting for service
>>> <null>.
> 
>>>> When the mount operation fails, is it the first time this client attempts
>>>> to
>>>> mount a share on server.example.org, or does the client already have
>>>> mounts
>>>> of server.example.org, possibly using other security flavors?
> 
>>> Yes, the problem occurs on the very first mount attempt.
>> 
>> Thanks for confirming.  Did you try updating nfs-utils on your NFS client to
>> 1.2.8-rc1 or later (specifically to replace rpc.gssd)?
> 
> Yes, gssd from nfs-utils 1.2.8-rc3 behaves the same way and fails when service 
> name is not null.

Thanks for confirming.  My KDC is now back online so I will try to reproduce this today.


> The code in gssd that checks for the service name seems to be the same if I
> understand the code correctly.
> 
> http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=blob;f=utils/gssd/gssd_proc.c;h=c17ab3bf914526f433fb6c76ace1daa63c10d921;hb=HEAD#l985
> 
> ---------------------------------------------------------------------------------
>        if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0 &&
>                                service == NULL)) {
>                /* Tell krb5 gss which credentials cache to use */
>                for (dirname = ccachesearch; *dirname != NULL; dirname++) {
>                        err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
>                        if (err == -EKEYEXPIRED)
>                                downcall_err = -EKEYEXPIRED;
>                        else if (!err)
>                                create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
>                                                             AUTHTYPE_KRB5);
>                        if (create_resp == 0)
>                                break;
>                }
>        }
> ---------------------------------------------------------------------------------
> 
> Veli-Matti
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Chuck Lever
chuck[dot]lever[at]oracle[dot]com




--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux