On Tue, 2013-10-22 at 02:38 +0000, Weston Andros Adamson wrote:
> On Oct 21, 2013, at 10:31 PM, Weston Andros Adamson <dros@xxxxxxxxxx>
> wrote:
>
> >
> > On Oct 21, 2013, at 10:23 PM, Jeff Layton <jlayton@xxxxxxxxxxxxxxx> wrote:
> >
> >> On Mon, 21 Oct 2013 23:53:16 +0000
> >> Weston Andros Adamson <dros@xxxxxxxxxx> wrote:
> >>
> >>> I traced this behavior back to:
> >>>
> >>> commit 302de786930a2c533068f9d8909a817b40f07c32
> >>> Author: Simo Sorce <simo@xxxxxxxxxx>
> >>> Date: Fri Apr 19 13:02:36 2013 -0400
> >>>
> >>> gssd: Allow GSSAPI to try to acquire credentials first.
> >>>
> >>>
> >>> And in particular:
> >>>
> >>> - for (dirname = ccachesearch; *dirname != NULL; dirname++) {
> >>> + /* Try first to acquire credentials directly via GSSAPI */
> >>> + err = gssd_acquire_user_cred(uid, &gss_cred);
> >>> + if (!err)
> >>> + create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
> >>> + AUTHTYPE_KRB5, gss_cred);
> >>> + /* if create_auth_rplc_client fails try the traditional method of
> >>> + * trolling for credentials */
> >>> + for (dirname = ccachesearch; create_resp != 0 && *dirname != NULL; dirname++) {
> >>>
> >>
> >>
> >>> A couple of things:
> >>>
> >>> - If I get rid of the "Try first to acquire credentials directly via GSSAPI" part, expiry works as before.
> >>>
> >>
> >>
> >> Steve just merged a couple of patches from me that change this code
> >> some. It's probably worth testing with those before you make any
> >> changes.
> >>
> >
> > Thanks, I'll check it out.
>
> Bisecting brought me to 302de786930a2c533068f9d8909a817b40f07c32 and
> I've confirmed that the problem is still in steved's master branch as
> of today. Are you sure the patches you're thinking of have been
> merged?
TBH I do not expect those patches to make any difference in this case.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
