From: Daniel Kobras <kobras@puzzle-itc.de>
To: Kevin Vasko <kvasko@gmail.com>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: NFSv4 client locks up on larger writes with Kerberos enabled
Date: Thu, 26 Sep 2019 09:30:17 +0200 [thread overview]
Message-ID: <d999fc1a-dcc6-b3c3-c8e5-e07f9b5523c2@puzzle-itc.de> (raw)
In-Reply-To: <CAMd28E-zcjuCfVbDCra4Av3Ewsdd-Ai=E0j3tF2GKJ8P6nG8=w@mail.gmail.com>
Hi!
Am 25.09.19 um 20:44 schrieb Kevin Vasko:
> When should the NFS server be sending a packet to the Kerberos server
> to validate the write? Or should it be? I did do packet capture on the
> Unity box but I don’t see anything really useful regarding Kerberos
> authentication. What should I be looking for in the packet traces to
> look for the authentication packets?
You shouldn't see any direct communication between the NFS server and
the KDC. All information is passed indirectly via the NFS client, and
used to establish a GSS context during the initial handshake. In other
words, in your setup, if you see encrypted packets on the wire, Kerberos
has done its job already, and the errors you're seeing are unlikely to
be intrinsic to Kerberos itself, but rather caused by side-effects.
Kind regards,
Daniel
--
Daniel Kobras
Principal Architect
Puzzle ITC Deutschland
+49 7071 14316 0
www.puzzle-itc.de
--
Puzzle ITC Deutschland GmbH
Sitz der Gesellschaft: Jurastr. 27/1, 72072
Tübingen
Eingetragen am Amtsgericht Stuttgart HRB 765802
Geschäftsführer:
Lukas Kallies, Daniel Kobras, Mark Pröhl
next prev parent reply other threads:[~2019-09-26 7:30 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-18 23:36 NFSv4 client locks up on larger writes with Kerberos enabled Kevin Vasko
[not found] ` <E172CA50-EC89-4072-9C1D-1B825DC3FE8B@lysator.liu.se>
2019-09-19 14:19 ` Kevin Vasko
[not found] ` <72E82F62-C743-4783-B81E-98E6A8E35738@lysator.liu.se>
2019-09-19 14:58 ` Kevin Vasko
2019-09-25 16:48 ` J. Bruce Fields
2019-09-25 17:06 ` Chuck Lever
2019-09-25 18:44 ` Kevin Vasko
2019-09-25 18:49 ` Chuck Lever
2019-09-25 19:10 ` Kevin Vasko
2019-09-25 20:07 ` Bruce Fields
2019-09-26 15:55 ` Chuck Lever
2019-09-26 16:05 ` Bruce Fields
2019-09-26 19:55 ` Bruce Fields
2019-09-30 14:51 ` Kevin Vasko
2019-09-30 16:19 ` Bruce Fields
2019-09-26 7:30 ` Daniel Kobras [this message]
2019-09-26 16:25 Kevin Vasko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d999fc1a-dcc6-b3c3-c8e5-e07f9b5523c2@puzzle-itc.de \
--to=kobras@puzzle-itc.de \
--cc=kvasko@gmail.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).