[Bug 235582] rpc_svc_gss / nfsd kernel panic
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 10 21:56:22 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235582
--- Comment #14 from Rick Macklem <rmacklem at FreeBSD.org> ---
Well, since that is the output of gss_export_name(), I suspect that
won't be found in the password database and will map to nobody.
Note that the fact that it ends in "@AD.LIU.SE" suggests that the
gss_export_name() isn't doing what it needs to do.
Normally the output of gss_export_name() should be:
For a user principal, just the user, such as "tesje148".
For a host principal, <name>@<host.domain>, such as "nfs at filur00.it.liu.se".
Unless there is an additional step in the GSSAPI to get to the "user" or
"user at domain" name that I have forgotten. (I am not the author of this code,
but I did write a RPCSEC_GSS implementation for the early NFSv4 code I did
long ago.)
Maybe gss_pname_to_unix_cred() does some additional conversion?
(If you add a couple of printf()s in gss_pname_to_unix_cred(), you should
be able to tell if the cname is translating to a unix cred ok.)
You also might consider testing with my second patch and not the first one
that changes client->cl_cname to a local cname. (I may have screwed the patch
up, since I can't test them.)
I don't think this is related to the crash.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-fs
mailing list