[Bug 931308] New: Gssd fails to renew credentials
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=931308
Bug ID: 931308
Summary: Gssd fails to renew credentials
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Hardware: Other
OS: SLES 11
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: Anna.Schumaker@Netapp.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
This bug is seen when running SLES11 SP3 and SLES11 SP4, but I can't find where
to file SLES bugs anywhere in this bugzilla. Please let me know if this is in
the wrong place!
Description of problem:
Gssd fails to renew credentials when running with uid=0 and client and server
clocks are just a few seconds off.
Version-Release number of selected component (if applicable):
nfs-client-1.2.3-18.40.15 (SLES11 SP3)
How reproducible:
Just to make the issue easier to reproduce, change the lifetime of the issued
service ticket to something short, say 2m, by modifying /etc/krb5.conf
ticket_lifetime=2m
Steps to Reproduce:
1. sudo mount -t nfs4 -o sec=krb5 nfs.server.com:/ /mnt
2. sudo dd if=/dev/zero of=/mnt/testfile bs=1 count=10000000
Basically, mount your kerberized NFS server and start job that lasts longer
than
chosen ticket lifetime (i.e., dd that would take longer than 2min to complete).
Actual results:
"dd" will fail with "permission denied" when credentials expire.
See failure logged in var log messages,
ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_CREDENTIALS_EXPIRED (The
referenced credential has expired) - Unknown error
WARNING: Failed while limiting krb5 encryption types for user with uid 0
WARNING: Failed to create machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_GATEWAY.2WIRE.NET for server ipa120.gateway.2wire.net
WARNING: Machine cache is prematurely expired or corrupted trying to recreate
cache for server ipa120.gateway.2wire.net
Expected results:
"dd" should finish to completion
Additional info:
This problem has been address in the upstream nfs-utils and is fixed by:
commit da54dec3cb40095cac96fd2d838144129262ac7f
Author: Lukas Hejtmanek
participants (1)
-
bugzilla_noreply@novell.com