Ubuntu
nfs-utils package

Bug #1977745
Comment #10

Comment 10 for bug 1977745

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-09-23:

#10

Jammy verification

Reproducing the bug:
root@j-nfs-1977745:~# apt-cache policy nfs-common
nfs-common:
  Installed: 1:2.6.1-1ubuntu1
  Candidate: 1:2.6.1-1ubuntu1
  Version table:
*** 1:2.6.1-1ubuntu1 500
        500 http://br.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

root@j-nfs-1977745:~# grep principal /etc/nfs.conf -B 1
[svcgssd]
principal = someservice/somehost@SRU

root@j-nfs-1977745:~# /usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_NO_CRED (No credentials were supplied, or the credentials were unavailable or inaccessible) - No key table entry found for @SRU
unable to obtain root (machine) credentials
do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

It fails to start, and mentions a generic keytab entry in the error message.

Now with the fixed package from jammy-proposed:

root@j-nfs-1977745:~# apt-cache policy nfs-common
nfs-common:
  Installed: 1:2.6.1-1ubuntu1.1
  Candidate: 1:2.6.1-1ubuntu1.1
  Version table:
*** 1:2.6.1-1ubuntu1.1 500
        500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages

The service starts without errors:
root@j-nfs-1977745:~# /usr/sbin/rpc.svcgssd -f
(nothing in the output)

Updating the principal name and trying again, this time it fails to start (as it should), and instead of a generic keytab entry name, it mentions the one it was expecting to find:

root@j-nfs-1977745:~nfsconf --set svcgssd principal anotherservice/anotherhost@SRURU

root@j-nfs-1977745:~# /usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_NO_CRED (No credentials were supplied, or the credentials were unavailable or inaccessible) - No key table entry found for anotherservice/anotherhost@SRU
unable to obtain root (machine) credentials
do you have a keytab entry for anotherservice/anotherhost@SRU in/etc/krb5.keytab?

As for the manpages:

nfs.conf(5) mentions the extra options:
svcgssd
Recognized values: principal, verbosity, rpc-verbosity, idmap-verbosity.

Jammy verification succeeded.

Jammy verification

Reproducing the bug:
root@j-nfs-1977745:~# apt-cache policy nfs-common
nfs-common:
  Installed: 1:2.6.1-1ubuntu1
  Candidate: 1:2.6.1-1ubuntu1
  Version table:
 *** 1:2.6.1-1ubuntu1 500
        500 http://br.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

root@j-nfs-1977745:~# grep principal /etc/nfs.conf -B 1
[svcgssd]
principal = someservice/somehost@SRU

It fails to start, and mentions a generic keytab entry in the error message.

Now with the fixed package from jammy-proposed:

root@j-nfs-1977745:~# apt-cache policy nfs-common
nfs-common:
  Installed: 1:2.6.1-1ubuntu1.1
  Candidate: 1:2.6.1-1ubuntu1.1
  Version table:
 *** 1:2.6.1-1ubuntu1.1 500
        500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages

The service starts without errors:
root@j-nfs-1977745:~# /usr/sbin/rpc.svcgssd -f
(nothing in the output)

Updating the principal name and trying again, this time it fails to start (as it should), and instead of a generic keytab entry name, it mentions the one it was expecting to find:

root@j-nfs-1977745:~nfsconf --set svcgssd principal anotherservice/anotherhost@SRURU

root@j-nfs-1977745:~# /usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_NO_CRED (No credentials were supplied, or the credentials were unavailable or inaccessible) - No key table entry found for anotherservice/anotherhost@SRU
unable to obtain root (machine) credentials
do you have a keytab entry for anotherservice/anotherhost@SRU in/etc/krb5.keytab?

As for the manpages:

nfs.conf(5) mentions the extra options:
       svcgssd
              Recognized values: principal, verbosity, rpc-verbosity, idmap-verbosity.

Jammy verification succeeded.

Ubuntunfs-utils package

Comment 10 for bug 1977745

Ubuntu
nfs-utils package