[Bug 705470] New: Kerberized NFS with deleted credentials leads to excessive log spam by kernel
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c0
Summary: Kerberized NFS with deleted credentials leads to
excessive log spam by kernel
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: Other
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: joschibrauchle@gmx.de
QAContact: qa@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML,
like Gecko) Chrome/12.0.742.100 Safari/534.30
This bug is a 99% duplicate of #620066, but this time for OpenSUSE 11.4 and
kernel 2.6.37! Thus, I copied most of the bug description and just changed the
relevant lines to the 11.4 error:
---------------------------
SSH, KDM and so on by default delete Kerberos credentials when a user logs out.
If the user left a program running (for instance via screen) or a process keeps
hanging, and if Kerberos credentials are needed to access the home directories
(kerberized NFS), rpc.gssd will fail to obtain Kerberos credentials. This is
expected behavior, so far so good.
The problem is that the kernel generates EXCESSIVE amounts of warnings in the
syslog to this effect (up to several hundred warnings per second), which then
quickly fill up the hard drive or var partition.
Reproducible: Always
Steps to Reproduce:
1. Log in (for example via SSH) to host that mounts home directory via
kerberized NFS
2. Start screen with some process accessing the home dir inside
3. Detach screen
4. Close SSH session
5. Wait for rpc.gssd credentials cache to expire
5. Check /var/log/messages
Actual Results:
When the process still running on the target host tries to access the home
directory, the kernel will spam the syslog with the following warning
----
<date> <hostname> kernel: [
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c1
Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c2
Klaus Slott
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c3
--- Comment #3 from Klaus Slott
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c4
--- Comment #4 from Klaus Slott
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c5
--- Comment #5 from Joschi Brauchle
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c6
--- Comment #6 from Klaus Slott
So make it short, the original issue I reported is about *DELETED* credentials and the corresponding kernel/gssd issues, not about *EXPIRED* credentials!
If you prefer I will reopen #740620. But to me they still seem related. Are you able to do a ssh logon to a system with *DELETED* credentials? I can confirm that I'v seen the log spamming with a *EXPIRED* ticket as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
From the last checks I have done on affected machines, I WAS able to login via SSH, but the machine was responding slowly. This might be due to the high CPU usage of gssd or by the high number of syslog messages. As soon as syslog filled the /var partition, login was no longer possible (but this is due to bad
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c7
--- Comment #7 from Joschi Brauchle
https://bugzilla.novell.com/show_bug.cgi?id=705470
https://bugzilla.novell.com/show_bug.cgi?id=705470#c8
Jeff Mahoney
participants (1)
-
bugzilla_noreply@novell.com