[Bug 817651] New: Kernel 3.7 and newer breaks rpc.gssd -n and thus update of nfs-client package for openSUSE 12.3 needed
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c0

Summary: Kernel 3.7 and newer breaks rpc.gssd -n and thus update of nfs-client package for openSUSE 12.3 needed
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: All
OS/Version: openSUSE 12.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: hardy.heroin+novell@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0

In my organization I need to use kerberized nfs4 mounts without machine credentials. This works by running rpc.gssd with the -n option. This has resulted in rpc.gssd using the credentials cache in /tmp/krb5cc_0 when doing the mount instead of machine credentials (which I don't and cannot get).

This functionality is broken in kernel 3.7 or newer whereas 3.6.11 and earlier work as expected. Going from openSUSE 12.2 (kernel 3.4) to openSUSE 12.3 (kernel 3.7) this bug was introduced in the distribution.

Reproducible: Always

Steps to Reproduce:

Basic steps to reproduce the problem:

  # kinit user (this creates /tmp/krb5cc_0)
  # rpc.gssd -f -n -vvvv
  # mount -t nfs4 -o sec=krb5 server.example.org:/home /mnt

Detailed steps to reproduce are documented here:
http://forums.opensuse.org/english/get-technical-help-here/network-internet/...

Actual Results:

  mount -vvv -t nfs -o sec=krb5,proto=tcp,vers=4 server.example.org:/home /mnt
  mount.nfs: timeout set for Mon Apr 29 14:26:38 2013
  mount.nfs: trying text-based options 'sec=krb5,proto=tcp,vers=4,addr=w.x.y.z,clientaddr=a.b.c.d'
  mount.nfs: mount(2): Permission denied
  mount.nfs: access denied by server while mounting server.example.org:/home

and in the background:

  rpc.gssd -fvvvvvvvvv -n
  beginning poll
  handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clntd)
  handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
  handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clntd)
  process_krb5_upcall: service is '*'
  Full hostname for 'w.x.y.z' is 'w.x.y.z'
  Name or service not known while getting full hostname for 'a.b.c.d'
  ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host w.x.y.z
  ERROR: No credentials found for connection to server w.x.y.z
  doing error downcall
  Closing 'gssd' pipe for /var/lib/nfs/rpc_pipefs/nfs/clntd
  destroying client /var/lib/nfs/rpc_pipefs/nfs/clntd

Expected Results:

I expect the NFS4 mount to succeed when rpc.gssd is started with the -n flag and valid Kerberos credentials are available. The mount command above works when using openSUSE 12.2 or earlier and fails on openSUSE 12.3.

More details on the problem can be found on the kernel mailing list, here:
http://permalink.gmane.org/gmane.linux.nfs/54851
http://www.spinics.net/lists/linux-nfs/msg35306.html

It seems that it was decided the bug was in nfs-utils (nfs-client package in openSUSE) and a fix was prepared:
http://permalink.gmane.org/gmane.linux.nfs/55586

I would like to request for this patch to be incorporated in openSUSE 12.3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c1
Neil Brown
o Dropped the patch adding the "-c" option to rpc.gssd. This issue will be revisited soon.
I wonder if the "-c" option was supposed to fix it, but has been dropped for now. Does adding -k /tmp/krb5cc_0 to the gssd command line fix the problem? There seems to be a suggestion that it should, but I'm not very familiar with this stuff.
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c2
Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c3
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c4
--- Comment #4 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c5
--- Comment #5 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c6
Hardy Heroin
Hi, did you have a chance to test the RPM from comment #4?
I can confirm that the RPM you provided does not resolve the issue. Unfortunately I can also not tell you why not. Same error again (less obfuscated this time):

  handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clntf)
  handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
  handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clntf)
  process_krb5_upcall: service is '*'
  Full hostname for 'pstor002.domain.local' is 'pstor002.domain.local'
  Name or service not known while getting full hostname for 'hppc134.DOMAIN.LOCAL'
  ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host pstor002.domain.local
  ERROR: No credentials found for connection to server pstor002.domain.local
  doing error downcall
  destroying client /var/lib/nfs/rpc_pipefs/nfs/clntf

It also fails with the -k flag using either the root or the user's keytab:

  ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /tmp/krb5cc_1000 for connection with host pstor002.domain.local
  ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /tmp/krb5cc_0 for connection with host pstor002.domain.local

I have a bit more time this week to do some debugging so any more suggestions I would be happy to try out.
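A triage helper for the rpc.gssd debug output quoted in the comments above, added here as an example; it is not part of the bug report or of nfs-utils. It groups log lines per upcall and labels the two failure shapes seen in this thread: a uid=0 upcall that ends in the machine-credential keytab lookup, and a -k path that is a credential cache. The record fields and the label strings are this example's own assumptions.

```python
import re

# Excerpt of the rpc.gssd debug output quoted in this thread.
SAMPLE_LOG = """\
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
process_krb5_upcall: service is '*'
ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host pstor002.domain.local
ERROR: No credentials found for connection to server pstor002.domain.local
doing error downcall
"""

UPCALL = re.compile(r"handle_gssd_upcall: '(?P<fields>[^']*)'")
KEYTAB_ERR = re.compile(
    r"gssd_refresh_krb5_machine_credential: no usable keytab entry found "
    r"in keytab (?P<keytab>\S+) for connection with host (?P<host>\S+)")

def parse_upcalls(log):
    """Group gssd log lines into one record per handle_gssd_upcall line."""
    upcalls = []
    for line in log.splitlines():
        m = UPCALL.search(line)
        if m:
            fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
            upcalls.append({"uid": int(fields.get("uid", -1)),
                            "service": fields.get("service"),
                            "keytab": None, "host": None, "failed": False})
        elif upcalls:
            cur = upcalls[-1]
            m = KEYTAB_ERR.search(line)
            if m:
                cur["keytab"], cur["host"] = m["keytab"], m["host"]
            elif "doing error downcall" in line:
                cur["failed"] = True
    return upcalls

def diagnose(upcall):
    """Label one upcall record (labels are this example's own, not gssd's)."""
    if not upcall["failed"]:
        return "ok"
    if upcall["keytab"] is None:
        return "failed-without-keytab-lookup"
    if "krb5cc_" in upcall["keytab"]:
        # gssd reported a credential-cache path as the keytab it searched.
        return "ccache-path-used-as-keytab"
    if upcall["uid"] == 0:
        # A uid=0 request ended in the machine-credential (keytab) path.
        return "root-upcall-hit-machine-credential-path"
    return "keytab-lookup-failed"
```

Feed it the output of rpc.gssd -f -n -vvvv captured during a failing mount and call diagnose() on each record returned by parse_upcalls().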
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c7
--- Comment #7 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c8
--- Comment #8 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c9
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c10
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c11
--- Comment #11 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c12
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c13
--- Comment #13 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c14
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c15
--- Comment #15 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c16
--- Comment #16 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c17
--- Comment #17 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c18
Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c19
--- Comment #19 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c20
--- Comment #20 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c21
--- Comment #21 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c22
--- Comment #22 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c23
--- Comment #23 from Hardy Heroin
https://bugzilla.novell.com/show_bug.cgi?id=817651
https://bugzilla.novell.com/show_bug.cgi?id=817651#c24
--- Comment #24 from Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=817651
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=817651
Swamp Workflow Management