https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c1 Manfred Hollstein <manfred.h@gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |manfred.h@gmx.net --- Comment #1 from Manfred Hollstein <manfred.h@gmx.net> 2014-02-10 18:41:14 UTC --- *** Bug 863116 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=863116 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c3 Hardy Heroin <hardy.heroin+novell@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hardy.heroin+novell@gmail.c | |om --- Comment #3 from Hardy Heroin <hardy.heroin+novell@gmail.com> 2014-02-13 02:52:54 UTC --- I am also suffering from this bug. Although for me it seems to be more than just error log pollution. The rpc.gssd service actually crashes causing my Kerberized NFSv4 mounts to fail. I have two identical systems, apart from the kernel, in the same network: one with kernel 3.11.10-7-desktop fails one with kernel 3.11.6-4-desktop works As stated, I do use Kerberos. In fact, I use: SSSD + NFSv4 + Autofs + LDAP When I restart the nfs.service, initially the rpc.gssd service is running, but the moment you attempt to access any autofs mount, it crashes, going from: systemctl status nfs nfs.service - LSB: NFS client services Loaded: loaded (/etc/init.d/nfs) Drop-In: /run/systemd/generator/nfs.service.d └─50-insserv.conf-$remote_fs.conf Active: active (running) since Thu 2014-02-13 03:33:17 CET; 29s ago Process: 6300 ExecStop=/etc/init.d/nfs stop (code=exited, status=0/SUCCESS) Process: 6322 ExecStart=/etc/init.d/nfs start (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs.service ├─6339 /usr/sbin/rpc.gssd -D -p /var/lib/nfs/rpc_pipefs └─6344 /usr/sbin/rpc.idmapd -p /var/lib/nfs/rpc_pipefs Feb 13 03:33:17 PC-026454 systemd[1]: Starting LSB: NFS client services... Feb 13 03:33:17 PC-026454 rpc.gssd[6339]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory Feb 13 03:33:17 PC-026454 rpc.gssd[6339]: ERROR: failed to read service info Feb 13 03:33:17 PC-026454 nfs[6322]: Starting NFS client services: sm-notify gssd idmapd..done Feb 13 03:33:17 PC-026454 systemd[1]: Started LSB: NFS client services. to systemctl status nfs nfs.service - LSB: NFS client services Loaded: loaded (/etc/init.d/nfs) Drop-In: /run/systemd/generator/nfs.service.d └─50-insserv.conf-$remote_fs.conf Active: active (running) since Thu 2014-02-13 03:33:17 CET; 36s ago Process: 6300 ExecStop=/etc/init.d/nfs stop (code=exited, status=0/SUCCESS) Process: 6322 ExecStart=/etc/init.d/nfs start (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs.service └─6344 /usr/sbin/rpc.idmapd -p /var/lib/nfs/rpc_pipefs Feb 13 03:33:52 PC-026454 rpc.gssd[6339]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory (repeated many times) also I noticed that if I then start rpc.gssd from the command line in deamon mode I see the first few warnings: ERROR: failed to read service info ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory ERROR: failed to read service info ERROR: Credentials cache file '-v/krb5ccmachine_MYDOMAIN.LOCAL' not found while initializing credential cache 'FILE:-v/krb5ccmachine_MYDOMAIN.LOCAL' and then it does keep on running, but just keeps on spewing out the error messages: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory ERROR: failed to read service info Perhaps relevant is that everything else works, logging in using LDAP with GSSAPI credential works, listing autofs maps using automount -m does give me all the mounts. Just the actualy mount statement fails because of an access denied. I would like to confirm this bug and mark it as serious, as it completely breaks a working production environment. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c5 --- Comment #5 from Hardy Heroin <hardy.heroin+novell@gmail.com> 2014-02-13 04:07:06 UTC --- I would like to make one additional note as everything is now working. I forgot that openSUSE 13.1 doesn't work with GSSD of the box because of this nasty bug: https://bugzilla.novell.com/show_bug.cgi?id=841788 which results in these error messages: kernel: [ 1916.890007] rpc.gssd[3748]: segfault at 1 ip 00007fee06c21be5 sp 00007fff50f1b0b0 error 4 in libgssglue.so.1.0.0[7fee06c1e000+9000] 2014-02-13T04:48:46.195053+01:00 PC-026454 kernel: [ 1916.890237] NFS: nfs4_discover_server_trunking unhandled error -32. Exiting with error EIO 2014-02-13T04:49:04.425063+01:00 PC-026454 kernel: [ 1935.127945] RPC: AUTH_GSS upcall timed out. Installing attachment rpm https://bugzilla.novell.com/attachment.cgi?id=567194 fixed the problem for me, at least for now. I forgot the the other 'identical' machine, was in fact identical except for this one single rpm installed. I must say I'm quite disappointed with Kerberized NFS support over the past few months in openSUSE (although Ubuntu/Debian/RedHat also have had their issues). It's as if nobody is testing patches and new kernels in a real production environment, by which I mean: - full SSSD configuration with services = nss, pam, autofs - Kerberos only authentication - NFSv4 or higher - a complex automount map retrieved from LDAP - keytab authentication vs root credentials abused as machine credentials What's up with that? If there's a list somewhere with test volunteers, please sign me up. It can literally save me hours of post mortem debugging. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c7 Tim Olsen <tifo@sund.ku.dk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tifo@sund.ku.dk --- Comment #7 from Tim Olsen <tifo@sund.ku.dk> 2014-03-05 14:04:04 UTC --- we have the exact same behaviour in my workplace. All Opensuse 13.1 X64 with 3.11.10-7-desktop kernel machines with NFS4 krb5 mounts are failing. noticed that the problems causes kswapd0 to consume all cpu resources. we have to roll back to the previous kernel 3.11.6-4-desktop it's a disaster. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c11 Roland Mainz <roland.mainz.bugzilla-suse@nrubsig.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |roland.mainz.bugzilla-suse@ | |nrubsig.org --- Comment #11 from Roland Mainz <roland.mainz.bugzilla-suse@nrubsig.org> 2014-03-24 02:32:58 UTC --- Erm... it doesn't seem to work with the kernel-of-the-day: 1. Installed $ rpm -i http://download.opensuse.org/repositories/Kernel:/openSUSE-13.1/standard/x86... # 2. Reboot system with new kernel: $ uname -a Linux suse131vm001krb 3.11.10-38.g9cdad94-desktop #1 SMP PREEMPT Fri Mar 21 15:03:37 UTC 2014 (9cdad94) x86_64 x86_64 x86_64 GNU/Linux 3. Trying to mount something: $ mount -t nfs4 -o sec=krb5 192.168.2.112:/nfsv4test/ /mnt mount.nfs4: Broken pipe 4. /var/log/messages now tells me this "fun": 2014-03-24T03:27:16.880173+01:00 suse131vm001krb rpc.gssd[2526]: ERROR: GSS-API: error in gss_export_lucid_sec_context(): GSS_S_BAD_MECH (An unsupported mechanism was requested) - Unknown error 2014-03-24T03:27:16.881327+01:00 suse131vm001krb rpc.gssd[2526]: ERROR: failed serializing krb5 context for kernel 2014-03-24T03:27:16.882117+01:00 suse131vm001krb rpc.gssd[2526]: WARNING: Failed to serialize krb5 context for user with uid 0 for server suse131vm001krb.nrubsig.org 2014-03-24T03:27:16.887139+01:00 suse131vm001krb kernel: [ 411.791128] rpc.gssd[2526]: segfault at 20 ip 00007f3af035df5b sp 00007fffe45eb560 error 4 in libgssapi_krb5.so.2.2[7f3af0345000+43000] Erm... what am I doing wrong ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c13 Roland Mainz <roland.mainz@nrubsig.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |roland.mainz@nrubsig.org --- Comment #13 from Roland Mainz <roland.mainz@nrubsig.org> 2014-04-02 21:28:17 UTC --- (In reply to comment #9)

Yes, we need commit e2f0c83a9de331d9352185ca3642616c13127539 Author: Jeff Layton <jlayton@redhat.com> Date: Thu Dec 5 07:34:44 2013 -0500

sunrpc: add an "info" file for the dummy gssd pipe

and probably [snip] I've pushed these patches out so the kernel-of-the-day should work soon, and the next update will have the fix.

(And I'm still trying to get a real update for libtirpc1....) (why did this take a whole month to get assigned to me ?????)

Any idea when this and the libtirpc1 update will appear as normal SuSE 13.1 update ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c15 --- Comment #15 from Neil Brown <nfbrown@suse.com> 2014-04-04 08:18:47 UTC --- Fixed libtirpc1 is now available through "zypper up" for openSUSE-13.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862746 https://bugzilla.novell.com/show_bug.cgi?id=862746#c16 --- Comment #16 from Swamp Workflow Management <swamp@suse.de> 2014-05-19 12:16:21 UTC --- openSUSE-SU-2014:0678-1: An update that solves 17 vulnerabilities and has 23 fixes is now available. Category: security (important) Bug References: 639379,812592,81660,821619,833968,842553,849334,851244,851426,852656,852967,853350,856760,857643,858638,858872,859342,860502,860835,861750,862746,863235,863335,864025,864867,865075,866075,866102,867718,868653,869414,871148,871160,871252,871325,875440,875690,875798,876531,876699 CVE References: CVE-2013-4579,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7281,CVE-2014-0069,CVE-2014-0101,CVE-2014-0196,CVE-2014-1438,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672 Sources used: openSUSE 13.1 (src): cloop-2.639-11.7.1, crash-7.0.2-2.7.1, hdjmod-1.28-16.7.1, ipset-6.19-2.7.1, iscsitarget-1.4.20.3-13.7.1, kernel-docs-3.11.10-11.3, kernel-source-3.11.10-11.1, kernel-syms-3.11.10-11.1, ndiswrapper-1.58-7.1, openvswitch-1.11.0-0.25.1, pcfclock-0.44-258.7.1, virtualbox-4.2.18-2.12.1, xen-4.3.2_01-15.1, xtables-addons-2.3-2.7.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.