[Bug 893777] Re: Kerberos context creation fails
Serge Hallyn
893777 at bugs.launchpad.net
Thu Mar 6 05:40:14 UTC 2014
Please reply if this is still an issue on a supported release.
** Changed in: libtirpc (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libtirpc in Ubuntu.
https://bugs.launchpad.net/bugs/893777
Title:
Kerberos context creation fails
Status in “libtirpc” package in Ubuntu:
Invalid
Bug description:
We have a Kerberos server setup which exports NFS volumes protected
by krb5. This setup works fine with Debian and OS X machines; however,
Ubuntu 11.10 fails to mount these exports.
More precisely, we set up LDAP and Kerberos. Then we configured
rpc.gssd to be launched with the "-vvvvv -n" options. Now, as root,
we obtain a ticket with kinit and then try to mount the export:
root@kroko-vm:~# kinit
Password for root@PURPLE.PHYSCIP.UNI-STUTTGART.DE:
root@kroko-vm:~# klist -fea
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@PURPLE.PHYSCIP.UNI-STUTTGART.DE
Valid starting     Expires            Service principal
11/22/11 22:19:16  11/23/11 08:19:16  krbtgt/PURPLE.PHYSCIP.UNI-STUTTGART.DE@PURPLE.PHYSCIP.UNI-STUTTGART.DE
        renew until 11/23/11 22:19:11, Flags: RIA
        Etype (skey, tkt): aes256-cts-hmac-sha1-96, des3-cbc-sha1
        Addresses: (none)
root@kroko-vm:~# cat /etc/fstab | grep home.nfs
purple:/Volumes/home /home.nfs nfs users,sec=krb5,vers=3 0 0
root@kroko-vm:~# mount -vvvv /home.nfs
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "purple:/Volumes/home"
mount: node: "/home.nfs"
mount: types: "nfs"
mount: opts: "users,sec=krb5,vers=3"
mount: external mount: argv[0] = "/sbin/mount.nfs"
mount: external mount: argv[1] = "purple:/Volumes/home"
mount: external mount: argv[2] = "/home.nfs"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,noexec,nosuid,nodev,users,sec=krb5,vers=3"
mount.nfs: timeout set for Tue Nov 22 22:26:54 2011
mount.nfs: trying text-based options 'sec=krb5,vers=3,addr=129.69.74.129'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 129.69.74.129 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 129.69.74.129 prog 100005 vers 3 prot UDP port 859
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting purple:/Volumes/home
syslog says:
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt7)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt7)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 0 for server purple.physcip.uni-stuttgart.de
CC file '/tmp/krb5cc_0' being considered, with preferred realm 'PURPLE.PHYSCIP.UNI-STUTTGART.DE'
CC file '/tmp/krb5cc_0'(root@PURPLE.PHYSCIP.UNI-STUTTGART.DE) passed all checks and has mtime of 1321997094
using FILE:/tmp/krb5cc_0 as credentials cache for client with uid 0 for server purple.physcip.uni-stuttgart.de
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_0
creating context using fsuid 0 (save_uid 0)
creating tcp client for server purple.physcip.uni-stuttgart.de
DEBUG: port already set to 2049
creating context with server nfs@purple.physcip.uni-stuttgart.de
WARNING: Failed to create krb5 context for user with uid 0 for server purple.physcip.uni-stuttgart.de
WARNING: Failed to create krb5 context for user with uid 0 for server purple.physcip.uni-stuttgart.de
doing error downfall
I found a very similar bug filed in the openSUSE bug database:
http://www.novell.com/support/viewContent.do?externalId=7008928&sliceId=1
Maybe they are linked in some way.
As said, mounting works fine on Debian squeeze and OS X 10.6.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libtirpc/+bug/893777/+subscriptions