All of lore.kernel.org
 help / color / mirror / Atom feed
From: Kevin Coffman <kwc@citi.umich.edu>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Steve Dickson <SteveD@redhat.com>, Jim Rees <rees@umich.edu>,
	Valentijn Sessink <valentyn@blub.net>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: Strange rpc.svcgssd behavior
Date: Wed, 17 Nov 2010 11:26:11 -0500	[thread overview]
Message-ID: <AANLkTi=CgbEAewXEtErN5KxmNyWCL8-Jqc69v67cgZ2J@mail.gmail.com> (raw)
In-Reply-To: <013E9F9C-F4F8-47E6-939D-1B0D893B6988@oracle.com>

On Wed, Nov 17, 2010 at 11:05 AM, Chuck Lever <chuck.lever@oracle.com> wrote:
>
> On Nov 17, 2010, at 10:54 AM, Kevin Coffman wrote:
>
>> On Wed, Nov 17, 2010 at 10:30 AM, Chuck Lever <chuck.lever@oracle.com> wrote:
>>> Hey-
>>>
>>> On Nov 17, 2010, at 10:18 AM, Steve Dickson wrote:
>>>
>>>> Sorry for the delayed response... I had my
>>>> head down for last couple of days...
>>>>
>>>> On 11/16/2010 04:42 PM, Chuck Lever wrote:
>>>>>
>>>>> On Nov 16, 2010, at 3:54 PM, Jim Rees wrote:
>>>>>
>>>>>> Chuck Lever wrote:
>>>>>>
>>>>>> Before we go too far down the NM path of no return, I was under the
>>>>>> impression that some applications require the host's name on the localhost
>>>>>> entries in /etc/hosts.  That's why NM puts it there.
>>>>>>
>>>>>> There's nothing invalid about having a hostname on the localhost entries
>>>>>> in /etc/hosts, is there?
>>>>>>
>>>>>> So I wonder if removing NM is really the solution here.
>>>>>>
>>>>>> No, it's not.  I just like to complain about NM.
>>>>>>
>>>>>> The original problem was that rpc.svcgssd couldn't figure out the correct
>>>>>> kerberos realm.  The fix in this particular case, I think, is to set the
>>>>>> realm explicitly in /etc/idmapd.conf.
>>>>>
>>>>> It's having trouble determining the NFS server's hostname.  It needs to find the right nfs/your.host key in /etc/krb5.keytab.
>>>>>
>>>>> I don't know if realm self-discovery is an issue too.
>>>> I think the problem is a reverse lookup is done on hostname that
>>>> is found in the /etc/krb5.keytab. Instead of the FQDN being
>>>> returned, localhost is returned because the FQDN was added to
>>>> the localhost line in /etc/hosts.
>>>>
>>>> Actually I didn't realize it was NM doing that... I thought
>>>> it was the installer...
>>>
>>> No matter who does it, I think there are applications
>>> (gdm?  rusty recollection) that require this network configuration
>>> in /etc/hosts, so our best bet IMO is to fix rpc.svcgssd, or more
>>> likely the gss library it depends on, to get it right in this situation.
>>> If we all agree this is a bug (and sounds like we do) then I can
>>> create a bug report on bugzilla.linux-nfs.org, as a starting point.
>>
>> Hi Chuck and Steve,
>> This issue affects gss authentication in sshd as well.  I believe this
>> is all the way down in the Kerberos code, which has been this way for
>> years.  I'm not sure what needs to be changed to "get it right".
>
> I was afraid of that.  Do you know if this has this ever been brought
> up with the upstream Kerberos maintainers?

Not that I am aware of.  Like Valentin, I believe it to be a
NetworkManager bug.  (The Kerberos code works fine on all other Unix
platforms.)

K.C.

  reply	other threads:[~2010-11-17 16:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-15 17:39 Strange rpc.svcgssd behavior Chuck Lever
2010-11-16 15:58 ` Valentijn Sessink
2010-11-16 19:44   ` Valentijn Sessink
2010-11-16 20:17     ` Jim Rees
2010-11-16 20:22       ` Chuck Lever
2010-11-16 20:54         ` Jim Rees
2010-11-16 21:41           ` J. Bruce Fields
2010-11-16 21:42           ` Chuck Lever
2010-11-17 15:18             ` Steve Dickson
2010-11-17 15:30               ` Chuck Lever
2010-11-17 15:54                 ` Kevin Coffman
2010-11-17 16:05                   ` Chuck Lever
2010-11-17 16:26                     ` Kevin Coffman [this message]
2010-11-17 17:51                       ` Chuck Lever
2010-11-17 18:52                         ` Valentijn Sessink
2010-11-17 16:15                   ` Valentijn Sessink

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='AANLkTi=CgbEAewXEtErN5KxmNyWCL8-Jqc69v67cgZ2J@mail.gmail.com' \
    --to=kwc@citi.umich.edu \
    --cc=SteveD@redhat.com \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=rees@umich.edu \
    --cc=valentyn@blub.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.