[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#446238: marked as done (nfs-common: Locks when using nfs4 sec=krb5 and user ticket expires)

Your message dated Sat, 19 Mar 2022 17:21:17 +0100
with message-id <655212549a6125b02fa4162c5d6cc49085f2d4c5.camel@decadent.org.uk>
and subject line Re: nfs-utils updated to 1.3.4-1, please check your bug #446238
has caused the Debian Bug report #446238,
regarding nfs-common: Locks when using nfs4 sec=krb5 and user ticket expires
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
446238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446238
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: nfs-common
Version: 1:1.0.10-6+etch.1
Severity: important

The problem can be reproduced in the following conditions

Automounted homes over nfs4 with sec=krb5
Start a session on the nfs client and let the user ticked (used to grant the nfs access) expire

After this the user can not access is home (as should be expected)
However, it also appens that, for example, any trial to start a new session of some other user will sucessfully mount the respective home but the login process will stay
forever trying to read a file (.bash_profile for example).
The client syslog presents messages like these

Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error
Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt
Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error
Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt
Oct 11 07:44:46 directivo kernel: Error: state recovery failed on NFSv4 server 192.168.0.99 with error 13
Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error
Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt
Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error
Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt
Oct 11 07:44:46 directivo kernel: Error: state recovery failed on NFSv4 server 192.168.0.99 with error 13

where 726 is the owner of the expired ticket in the present case

Refreshing the expired ticket for this user grants him access to his home again and, additionaly, unlocks access to the other user homes

In a single user nfs client machine this is pretty harmless, but in a multiuser one or if it is an X or thin terminal server, as it is the case here, this is a show stopper

On client
autofs                           4.1.4-13
libpam-krb5                      2.6-1

On server

nfs-kernel-server                1.0.10-6+etch.1
krb5-kdc                         1.4.4-7etch4
libkrb53                         1.4.4-7etch4


If more details or log contents are needed please let me know

Thanks in advance for any help

Pedro Rodrigues

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=pt_PT.UTF-8, LC_CTYPE=pt_PT.UTF-8 (charmap=UTF-8)

Versions of packages nfs-common depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  libc6    2.3.6.ds1-13etch2               GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii  libevent 1.1a-1                          An asynchronous event notification
ii  libgssap 0.10-4                          A mechanism-switch gssapi library
ii  libkrb53 1.4.4-7etch4                    MIT Kerberos runtime libraries
ii  libnfsid 0.18-0                          An nfs idmapping library
ii  librpcse 0.14-2etch1                     allows secure rpc communication us
ii  libwrap0 7.6.dbs-13                      Wietse Venema's TCP wrappers libra
ii  lsb-base 3.1-23.2etch1                   Linux Standard Base 3.1 init scrip
ii  netbase  4.29                            Basic TCP/IP networking system
ii  portmap  5-26                            The RPC portmapper
ii  ucf      2.0020                          Update Configuration File: preserv

nfs-common recommends no packages.

-- no debconf information

-- 
_____________________________________________________________
Pedro Celestino dos Reis Rodrigues
Departamento de Química e Bioquímica
Faculdade de Ciências da Universidade de Lisboa
Tel: 21750000-28619

--- End Message ---
--- Begin Message --- 
On Thu, 15 Dec 2016 13:47:27 +0000 Pedro Celestino dos Reis Rodrigues
<reis@fc.ul.pt> wrote:
> Hi Daniel
> 
> I am no longer in conditions to check if the problem is solved.
> Unless any of the other reporters believes that it is not the case
the bug can 
> be closed.

Sorry we never found a solution for this.  I'm closing the bug report
now.

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
Reply to: