rpc.gssd with -n option not working on kernels >= 3.7

Bug #1179867 reported by Kees Verstoep
This bug affects 1 person
Affects             Status  Importance  Assigned to  Milestone
nfs-utils (Ubuntu)  New     Undecided   Unassigned

Bug Description

In our organization we need to use kerberized NFSv4 mounts without machine
credentials. This works by running rpc.gssd with the -n option, which results
in rpc.gssd using the credentials cache in /tmp/krb5cc_0 when doing the mount,
instead of using machine credentials (which are unavailable due to a policy decision).
This functionality is broken with the current rpc.gssd when kernel 3.7 or newer
is used on an Ubuntu client, whereas with kernel 3.6.11 and earlier this works
as expected.

Reproducible: Always

Steps to Reproduce:
Basic steps to reproduce the problem:
# kinit -p userid
# rpc.gssd -f -n -vvvv
# mount -t nfs4 -o sec=krb5 server.example.org:/home /mnt/server

Expected Results:
The NFSv4 mount should succeed when rpc.gssd is started with the -n flag
and valid Kerberos credentials are available. The mount command above
indeed works when using e.g. Ubuntu 12.04.2 LTS (with kernel < 3.7) or
when explicitly installing an older kernel < 3.7 on Ubuntu 13.04.

Actual results:
With the standard Ubuntu 13.04 kernel the mount fails, with the
following notice in the logs, which is due to the new kernel:
  process_krb5_upcall: service is '*'
More details on the problem can be found on the kernel mailing list, here:
http://permalink.gmane.org/gmane.linux.nfs/54851
http://www.spinics.net/lists/linux-nfs/msg35306.html

A discussion of possible ways to resolve the bug in the nfs-utils package
providing rpc.gssd is here:
http://permalink.gmane.org/gmane.linux.nfs/55586

Kees Verstoep (kees-verstoep) wrote:

This issue also appeared in the latest OpenSUSE release, 12.3, similarly due to a kernel >= 3.7,
but a fix has recently been provided there:
  https://bugzilla.novell.com/show_bug.cgi?id=817651
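
A triage sketch for the condition this report describes, added here as an example and not part of the original report or of nfs-utils: it flags a client that runs rpc.gssd with -n on a kernel >= 3.7 and checks log text for the notice quoted in the description. The function names, verdict strings and sample inputs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: triage a client against the rpc.gssd -n / kernel >= 3.7 report.

# Succeeds if a `uname -r` style release string is >= 3.7 (numeric compare,
# so 3.11 sorts after 3.7; a plain string compare would get that wrong).
kernel_at_least_3_7() {
    major=${1%%.*}
    case $1 in *.*) rest=${1#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 2 ;; esac   # not a version string
    [ -n "$minor" ] || minor=0
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 7 ]; }
}

# Succeeds if the rpc.gssd command line carries a standalone -n,
# as in the reproduction steps (combined short flags are not parsed).
gssd_uses_n() {
    for arg in $1; do
        [ "$arg" = "-n" ] && return 0
    done
    return 1
}

# Succeeds if the log text contains the notice quoted in the report.
log_has_upcall_notice() {
    printf '%s\n' "$1" | grep -qF "process_krb5_upcall: service is '*'"
}

# triage KERNEL_RELEASE GSSD_CMDLINE LOG_TEXT -> prints one verdict word.
triage() {
    if ! gssd_uses_n "$2"; then echo "not-applicable"; return; fi
    if ! kernel_at_least_3_7 "$1"; then echo "unaffected-kernel"; return; fi
    if log_has_upcall_notice "$3"; then
        echo "matches-report"      # -n, kernel >= 3.7, notice present
    else
        echo "at-risk"             # same configuration, notice not seen yet
    fi
}

# Constructed sample input (the syslog prefix and PID are made up).
SAMPLE_LOG="rpc.gssd[1234]: process_krb5_upcall: service is '*'"

triage "3.8.0-19-generic" "rpc.gssd -f -n -vvvv" "$SAMPLE_LOG"
triage "3.6.11" "rpc.gssd -f -n -vvvv" ""
```

On a live client the three arguments would come from `uname -r`, the running rpc.gssd command line, and wherever the `-vvvv` output is captured.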
