Need help with nfsv4 and krb5 access denied
Rick Macklem
rmacklem at uoguelph.ca
Mon Sep 3 19:25:46 UTC 2012
Herbert Poeckl wrote:
> On 6/25/12 1:21 PM, Herbert Poeckl wrote:
> > We are getting access denied error on our debian clients when
> > mounting
> > nfsv4 network drives with kerberos 5 authentication.
> >
> > What is wired about this, is that it works with one server, but not
> > with
> > a second server.
> [..]
>
> For the records:
>
> The problem was fixed in this post:
> http://lists.freebsd.org/pipermail/freebsd-fs/2012-August/015047.html
>
Ok, so are you saying that the patch in Attila's email fixed your problem?
If so, please try the attached patch. (It doesn't set the client security
handle stale when DESTROY fails, due to an invalid encrypted checksum. It
is similar to his patch, but only for the DESTROY case, which seems to be
ok to do from my understanding of the RPCSEC_GSS. It doesn't include the
timer changes, which shouldn't affect the outcome from afaik.)
To consider the client security handle still valid when a data (real RPC
in the message) phase entry fails the encrypted checksum seems riskier to
do, so I'd like to avoid that in any patch for head.
rick
> Kind regards,
> Herbert Poeckl
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
> "freebsd-stable-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rpcsec-destroy.patch
Type: text/x-patch
Size: 1002 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20120903/a8ddbf21/rpcsec-destroy.bin
More information about the freebsd-stable
mailing list