Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
* Fedora 32 rpc.gssd misbehavior
@ 2020-07-29 17:19 Chuck Lever
  2020-07-29 18:27 ` Chuck Lever
  0 siblings, 1 reply; 15+ messages in thread
From: Chuck Lever @ 2020-07-29 17:19 UTC (permalink / raw)
  To: Jeff Layton, Bruce Fields; +Cc: Simo Sorce, Linux NFS Mailing List

Hi!

I recently updated my test systems from EL7 to Fedora 32, and
NFSv4.0 with Kerberos has stopped working.

I mount with "klimt.ib" as before. The client workload stops
dead when the server tries to perform its first CB_RECALL.

I added some client instrumentation:

   kernel: NFSv4: Callback principal (nfs@klimt.ib.1015granger.net) does not match acceptor (nfs@klimt.ib).
   kernel: NFS: NFSv4 callback contains invalid cred

I boosted gssd verbosity, and it says:

   rpc.gssd[986]: doing downcall: lifetime_rec=72226 acceptor=nfs@klimt.ib

But it knows the full hostname for the server:

   rpc.gssd[986]: Full hostname for 'klimt.ib' is 'klimt.ib.1015granger.net'


The acceptor appears to come from the Kerberos library. Shouldn't
it be canonicalized? If so, should the Kerberos library do it, or
should gssd? Since this behavior appeared after an upgrade, I
suspect a Kerberos library regression. But it could be config-
related, since both systems were re-imaged from the ground up.

Also noticing some other problems on the server (missing hostname
strings in debug messages, sssd_kcm infinite loops, and gssd
sending garbage to the client after the NULL request that
establishes the callback context).

But let's look at the client acceptor problem first.


--
Chuck Lever




^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, back to index

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-29 17:19 Fedora 32 rpc.gssd misbehavior Chuck Lever
2020-07-29 18:27 ` Chuck Lever
2020-07-30 14:43   ` Steve Dickson
2020-07-30 16:14   ` Simo Sorce
2020-07-30 17:08     ` Robbie Harwood
2020-07-30 17:59       ` Chuck Lever
2020-07-30 19:10         ` Simo Sorce
2020-07-30 19:39           ` Chuck Lever
2020-08-10 15:28             ` Chuck Lever
2020-07-30 17:09     ` Chuck Lever
2020-07-30 17:57       ` Simo Sorce
2020-07-30 18:07         ` Chuck Lever
2020-07-30 18:20           ` Simo Sorce
2020-07-30 18:29             ` Chuck Lever
2020-07-30 18:55               ` Simo Sorce

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git