[Bug 620066] New: Cleaning up of kerberos credentials by SSH with kerberized NFS leads to excessive log spam by rpc.gssd
http://bugzilla.novell.com/show_bug.cgi?id=620066 http://bugzilla.novell.com/show_bug.cgi?id=620066#c0 Summary: Cleaning up of kerberos credentials by SSH with kerberized NFS leads to excessive log spam by rpc.gssd Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: mika.fischer@zoopnet.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 SSH by default deletes Kerberos credentials when a user logs out. If the user left a program running (for instance via screen), and if Kerberos credentials are needed to access the home directories (kerberized NFS), rpc.gssd will fail to obtain Kerberos credentials. The problem is that it generates excessive amounts of warnings in the syslog to this effect (about 1100 wrnings per second), which then quickly fill up the hard drive. Reproducible: Always Steps to Reproduce: 1. Log in (via SSH) to host that mounts home directory via kerberized NFS 2. Start screen with some process accessing the home dir inside 3. Detach screen 4. Close SSH session 5. Wait for rpc.gssd credentials cache to expire Actual Results: When the process still running on the target host tries to access the home directory, rpc.gssd will try and fail to obtain kerberos credentials for the user. It will then spam the syslog with the following warning ---- <date> <hostname> rpc.gssd[<pid>]: WARNING: Failed to create krb5 context for user with uid <uid> for server <other hostname> ---- This is repeated ad infinitum until the offending process is killed manually. The logfile otherwise quickly fills up the partition. Expected Results: Maybe one warning or no warning at all should be emitted (the latter is the case for *expired* credentials). See also https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/293705 for the case of expired credentials. A fix fo this should probably also be coordinated with upstream. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c
yang xiaoyu
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c
Suresh Jayaraman
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c1
Suresh Jayaraman
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c2
--- Comment #2 from Suresh Jayaraman
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c4
Mika Fischer
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c5
--- Comment #5 from Suresh Jayaraman
After testing the packages I can confirm that they fix the problem for us.
Thanks for confirming.
Do you recommend that we deploy them on all our 11.2 hosts or should we wait for an official update?
You should wait for an official update.
Also, this probably should be fixed in 11.3. However there we have a similar but slightly different behaviour. The error message does not come from rpc.gssd but from the kernel itself. It is however caused by the same circumstances and also spams the log so quickly that there's a good chance of filling up the /var partition.
Do you want me to open a separate bug report for this?
Yes, it sounds different from this one. Please open a separate bugzilla for that issue. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=620066
http://bugzilla.novell.com/show_bug.cgi?id=620066#c7
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=620066
https://bugzilla.novell.com/show_bug.cgi?id=620066#c8
Joschi Brauchle
https://bugzilla.novell.com/show_bug.cgi?id=620066
https://bugzilla.novell.com/show_bug.cgi?id=620066#c9
Joschi Brauchle
participants (1)
-
bugzilla_noreply@novell.com