LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

August 2011

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL August 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	nfs-utils-1.2.3-7 broken?
From:	"Jonathan G. Underwood" <[log in to unmask]>
Reply To:	Jonathan G. Underwood
Date:	Tue, 2 Aug 2011 11:34:46 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (237 lines)
Hi,

This is related to my previous mail about rpcsvcgssd possibly being broken
due to a linking order issue in 6.1.

However, I have also noticed the following problem:

Having upgraded a client machine to 6.1, I am no longer able to mount nfs4
shares requiring kerberos tickets. If i downgrade just the nfs-utils package
to nfs-utils-1.2.2-7 from (6.0) then all works again.

More detail: with the -v -v -v options passed to rpcgssd on the client
machine, I see thefollowing in /var/log/messages for nfs-utils-1.2.3-7:

Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c6e2b0 data 0x7fff19c6e180
Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c69770 data 0x7fff19c69640
Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c6e2b0 data 0x7fff19c6e180
Aug  2 16:19:58 burroughs rpc.gssd[3390]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnta)
Aug  2 16:19:58 burroughs rpc.gssd[3390]: handle_gssd_upcall: 'mech=krb5 uid=0
enctypes=18,17,16,23,3,1,2 '
Aug  2 16:19:58 burroughs rpc.gssd[3390]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnta)
Aug  2 16:19:58 burroughs rpc.gssd[3390]: process_krb5_upcall: service is
'<null>'
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Full hostname for
'oaxaca.theory.phys.ucl.ac.uk' is 'oaxaca.theory.phys.ucl.ac.uk'
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Full hostname for
'burroughs.theory.phys.ucl.ac.uk' is 'burroughs.theory.phys.ucl.ac.uk'
Aug  2 16:19:58 burroughs rpc.gssd[3390]: No key table entry found for
[log in to unmask] while getting keyta
b entry for [log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: No key table entry found for
[log in to unmask] while getting k
eytab entry for [log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Success getting keytab entry for
[log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312383729
Aug  2 16:19:58 burroughs rpc.gssd[3390]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312383729
Aug  2 16:19:58 burroughs rpc.gssd[3390]: using
FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK as credentials cache for machine
creds
Aug  2 16:19:58 burroughs rpc.gssd[3390]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK
Aug  2 16:19:58 burroughs rpc.gssd[3390]: creating context using fsuid 0
(save_uid 0)
Aug  2 16:19:58 burroughs rpc.gssd[3390]: ERROR: GSS-API: error in
gss_set_allowable_enctypes(): GSS_S_NO_CRED (No credentials were supplied, or 
the credentials were unavailable or inaccessible) - Unknown error
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Failed while limiting krb5
encryption types for user with uid 0
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Failed to create machine
krb5 context with credentials cache FILE:/tmp/krb5cc_machine_THEORY.P
HYS.UCL.AC.UK for server oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Machine cache is prematurely
expired or corrupted trying to recreate cache for server oaxaca.t
heory.phys.ucl.ac.uk
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Full hostname for
'oaxaca.theory.phys.ucl.ac.uk' is 'oaxaca.theory.phys.ucl.ac.uk'
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Full hostname for
'burroughs.theory.phys.ucl.ac.uk' is 'burroughs.theory.phys.ucl.ac.uk'
Aug  2 16:19:58 burroughs rpc.gssd[3390]: No key table entry found for
[log in to unmask] while getting keyta
b entry for [log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: No key table entry found for
[log in to unmask] while getting k
eytab entry for [log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: Success getting keytab entry for
[log in to unmask]
Aug  2 16:19:58 burroughs rpc.gssd[3390]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312383729
Aug  2 16:19:58 burroughs rpc.gssd[3390]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312383729
Aug  2 16:19:58 burroughs rpc.gssd[3390]: using
FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK as credentials cache for machine
creds
Aug  2 16:19:58 burroughs rpc.gssd[3390]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK
Aug  2 16:19:58 burroughs rpc.gssd[3390]: creating context using fsuid 0
(save_uid 0)
Aug  2 16:19:58 burroughs rpc.gssd[3390]: ERROR: GSS-API: error in
gss_set_allowable_enctypes(): GSS_S_NO_CRED (No credentials were supplied, or 
the credentials were unavailable or inaccessible) - Unknown error
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Failed while limiting krb5
encryption types for user with uid 0
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Failed to create machine
krb5 context with credentials cache FILE:/tmp/krb5cc_machine_THEORY.P
HYS.UCL.AC.UK for server oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:19:58 burroughs rpc.gssd[3390]: WARNING: Failed to create machine
krb5 context with any credentials cache for server oaxaca.theory.phys
.ucl.ac.uk
Aug  2 16:19:58 burroughs rpc.gssd[3390]: doing error downcall
Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c6dd70 data 0x7fff19c6dc40
Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c6e2b0 data 0x7fff19c6e180
Aug  2 16:19:58 burroughs rpc.gssd[3390]: dir_notify_handler: sig 37 si
0x7fff19c6e2b0 data 0x7fff19c6e180


Downgrading to nfs-utils-1.2.2-7 from rhel 6.0 and restarting rpcgssd I see
success and the following in /var/log/messages:

Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handle_gssd_upcall: 'mech=krb5 uid=0
enctypes=18,17,16,23,3,1,2 '
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: process_krb5_upcall: service is
'<null>'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Full hostname for
'oaxaca.theory.phys.ucl.ac.uk' is 'oaxaca.theory.phys.ucl.ac.uk'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Full hostname for
'burroughs.theory.phys.ucl.ac.uk' is 'burroughs.theory.phys.ucl.ac.uk'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: No key table entry found for
[log in to unmask] while getting keytab
entry for [log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Success getting keytab entry for
[log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Successfully obtained machine
credentials for principal
[log in to unmask] stored in ccache
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312385205
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using
FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK as credentials cache for machine
creds
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context using fsuid 0
(save_uid 0)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating tcp client for server
oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: port already set to 2049
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context with server
[log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: serialize_krb5_ctx: lucid
version!
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer: protocol
1
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer:
serializing key with enctype 18 and size 32
Aug  2 16:26:45 burroughs rpc.gssd[4626]: doing downcall
Aug  2 16:26:45 burroughs kernel: Intel AES-NI instructions are not detected.
Aug  2 16:26:45 burroughs kernel: padlock: VIA PadLock not detected.
Aug  2 16:26:45 burroughs rpc.gssd[4626]: destroying client
/var/lib/nfs/rpc_pipefs/nfs/clntd
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handle_gssd_upcall: 'mech=krb5
uid=10000 enctypes=18,17,16,23,3,1,2 '
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: process_krb5_upcall: service is
'<null>'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: getting credentials for client with
uid 10000 for server oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file
'/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' being considered, with preferred
realm 'THEORY.PHYS.UCL.AC.UK'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file
'/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' owned by 0, not 10000
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file '/tmp/krb5cc_10000_VsfDdR'
being considered, with preferred realm 'THEORY.PHYS.UCL.AC.UK'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file
'/tmp/krb5cc_10000_VsfDdR'([log in to unmask]) passed all checks and has
mtime of 1312298804
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file '/tmp/krb5cc_0' being
considered, with preferred realm 'THEORY.PHYS.UCL.AC.UK'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: CC file '/tmp/krb5cc_0' owned by 0,
not 10000
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using FILE:/tmp/krb5cc_10000_VsfDdR
as credentials cache for client with uid 10000 for server
oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_10000_VsfDdR
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context using fsuid 10000
(save_uid 0)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating tcp client for server
oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: port already set to 2049
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context with server
[log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: serialize_krb5_ctx: lucid
version!
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer: protocol
1
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer:
serializing key with enctype 18 and size 32
Aug  2 16:26:45 burroughs rpc.gssd[4626]: doing downcall
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handle_gssd_upcall: 'mech=krb5 uid=0
service=* enctypes=18,17,16,23,3,1,2 '
Aug  2 16:26:45 burroughs rpc.gssd[4626]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: process_krb5_upcall: service is '*'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Full hostname for
'oaxaca.theory.phys.ucl.ac.uk' is 'oaxaca.theory.phys.ucl.ac.uk'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Full hostname for
'burroughs.theory.phys.ucl.ac.uk' is 'burroughs.theory.phys.ucl.ac.uk'
Aug  2 16:26:45 burroughs rpc.gssd[4626]: No key table entry found for
[log in to unmask] while getting keytab
entry for [log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: Success getting keytab entry for
[log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312385205
Aug  2 16:26:45 burroughs rpc.gssd[4626]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK' are good until 1312385205
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using
FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK as credentials cache for machine
creds
Aug  2 16:26:45 burroughs rpc.gssd[4626]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_THEORY.PHYS.UCL.AC.UK
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context using fsuid 0
(save_uid 0)
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating tcp client for server
oaxaca.theory.phys.ucl.ac.uk
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: port already set to 2049
Aug  2 16:26:45 burroughs rpc.gssd[4626]: creating context with server
[log in to unmask]
Aug  2 16:26:45 burroughs rpc.gssd[4626]: DEBUG: serialize_krb5_ctx: lucid
version!
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer: protocol
1
Aug  2 16:26:45 burroughs rpc.gssd[4626]: prepare_krb5_rfc4121_buffer:
serializing key with enctype 18 and size 32
Aug  2 16:26:45 burroughs rpc.gssd[4626]: doing downcall
ATOM RSS1 RSS2
LISTSERV.FNAL.GOV