Ubuntu

kerberized nfs regression in lucid

Bug #572656 reported by J. Bruce Fields on 2010-04-30

This bug report is a duplicate of: Bug #512110: gssd regression, "Program lacks support for encryption type". Edit Remove

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu	New	Undecided	Unassigned

Bug Description

In karmic, kerberos NFS mounts worked. After an upgrading my nfs client to lucid this morning (kerberos server, nfs server, keytab all unchanged), a mount now gets "mount.nfs4: access denied by server while mounting troy:/vol/home".

Logs show "rpc.gssd[4305]: ERROR: No credentials found for connection to server troy.citi.umich.edu"

Examination of wireshark trace shows a KRB5KDC_ERR_PREAUTH_REQUIRED response to the kerberos AS-REQ.

Revision history for this message

J. Bruce Fields (bfields-fieldses) wrote on 2010-04-30:

packet trace Edit (608 bytes, application/cap)

Revision history for this message

Don (julien-garet) wrote on 2010-05-06:

Hello, I have just discovered that it might be related to : https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/512110

It solved my problem.

Revision history for this message

J. Bruce Fields (bfields-fieldses) wrote on 2010-05-06:

Doh. I should have known about that--yes, adding "allow_weak_crypto = true" to the [libdefaults] section of my client's krb5.conf file allows the mount to succeed.

I'm not sure what the correct solution is--ideal might be to backport the new nfs/krb5 patches queued for the 2.6.35 kernel (and the corresponding nfs-utils patches) and to keep allowing weak crypto until that's done.

I don't know if that's practical.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #512110 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

packet trace Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.