https://bugzilla.novell.com/show_bug.cgi?id=817651 https://bugzilla.novell.com/show_bug.cgi?id=817651#c0 Summary: Kernel 3.7 and newer breaks rpc.gssd -n and thus update of nfs-client package for openSUSE 12.3 needed Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: hardy.heroin+novell@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 In my organization I need to use kerberized nfs4 mounts without machine credentials. This works by running rpc.gssd with the -n option. This has resulted rpc.gssd in using the credentials cache in /tmp/krb5cc_0 when doing the mount instead of machine credentials (which I don't and cannot get). This functionality is broken in kernel 3.7 or newer whereas 3.6.11 and earlier work like expected. Going from openSUSE 12.2 (kernel 3.4) to openSUSE 12.3 (kernel 3.7) this bug was introduced in the distribution. Reproducible: Always Steps to Reproduce: Basic steps to reproduce the problem: # kinit user (this creates /tmp/krb5cc_0) # rpc.gssd -f -n -vvvv # mount -t nfs4 -o sec=krb5 server.example.org:/home /mnt Detailed steps to reproduce are documented here: http://forums.opensuse.org/english/get-technical-help-here/network-internet/... Actual Results: mount -vvv -t nfs -o sec=krb5,proto=tcp,vers=4 server.example.org:/home /mnt mount.nfs: timeout set for Mon Apr 29 14:26:38 2013 mount.nfs: trying text-based options 'sec=krb5,proto=tcp,vers=4,addr=w.x.y.z,clientaddr=a.b.c.d' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting server.example.org:/home and in the background: rpc.gssd -fvvvvvvvvv -n beginning poll handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clntd) handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 ' handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clntd) process_krb5_upcall: service is '*' Full hostname for 'w.x.y.z' is 'w.x.y.z' Name or service not known while getting full hostname for 'a.b.c.d' ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host w.x.y.z ERROR: No credentials found for connection to server w.x.y.z doing error downcall Closing 'gssd' pipe for /var/lib/nfs/rpc_pipefs/nfs/clntd destroying client /var/lib/nfs/rpc_pipefs/nfs/clntd Expected Results: I expect the NFS4 mount to succeed when rpc.gssd is started with the -n flag and valid kerberos credentials are available. The mount command above works when using openSUSE 12.2 or earlier and fails on openSUSE 12.3. More details on the problem can be found on the kernel mailing list, here: http://permalink.gmane.org/gmane.linux.nfs/54851 http://www.spinics.net/lists/linux-nfs/msg35306.html It seems that it was decided the bug was in nfs-utils (nfs-client package in openSUSE) and a fix was prepared: http://permalink.gmane.org/gmane.linux.nfs/55586 I would like to request for this patch to be incorporated in openSUSE 12.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.