Bugzilla – Bug 657813
update to nfs-client-1.2.1-8.3 causes NFS4 mount with sec=krb5 to stop working
Last modified: 2011-02-09 03:44:35 UTC
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 We have home directories mounted from /etc/fstab with: home:/vol/home_ph1 /cs/home_ph1 nfs4 sec=krb5,rw 0 0 This worked until this morning when I updated to nfs-client-1.2.1-8.3.1 This affected 11.3 systems using kernel 2.6.34.7-0.5-default and 2.6.34.7-0.5-desktop. Many other systems running openSUSE 11.2, which did not get the nfs-client update, still mount /cs/home_ph1 with no problem. No change on the server side, as far as we know. Reproducible: Always Steps to Reproduce: 1. Kerberized NFS4 setup is quite complex, don't think I can reproduce the steps in a simple list like this. 2. Took a system that mounts home:/vol/home_ph1, ran "yast2 online_update" 3. Same system now fails to mount home:/vol/home_ph1. Actual Results: /root # mount -vvv /cs/home_ph1 mount: fstab path: "/etc/fstab" mount: mtab path: "/etc/mtab" mount: lock path: "/etc/mtab~" mount: temp path: "/etc/mtab.tmp" mount: UID: 0 mount: eUID: 0 mount: spec: "home:/vol/home_ph1" mount: node: "/cs/home_ph1" mount: types: "nfs4" mount: opts: "sec=krb5,rw" mount: external mount: argv[0] = "/sbin/mount.nfs4" mount: external mount: argv[1] = "home:/vol/home_ph1" mount: external mount: argv[2] = "/cs/home_ph1" mount: external mount: argv[3] = "-v" mount: external mount: argv[4] = "-o" mount: external mount: argv[5] = "rw,sec=krb5" mount.nfs4: timeout set for Mon Dec 6 12:46:23 2010 mount.nfs4: trying text-based options 'sec=krb5,addr=10.111.42.120,clientaddr=140.107.168.89' mount.nfs4: mount(2): Permission denied mount.nfs4: access denied by server while mounting home:/vol/home_ph1 Expected Results: This is from an 11.2 system, since all my 11.3 systems have the problem. /root # mount -vvv /cs/home_ph1 mount: fstab path: "/etc/fstab" mount: mtab path: "/etc/mtab" mount: lock path: "/etc/mtab~" mount: temp path: "/etc/mtab.tmp" mount: UID: 0 mount: eUID: 0 mount: spec: "home:/vol/home_ph1" mount: node: "/cs/home_ph1" mount: types: "nfs4" mount: opts: "sec=krb5,rw" mount: external mount: argv[0] = "/sbin/mount.nfs4" mount: external mount: argv[1] = "home:/vol/home_ph1" mount: external mount: argv[2] = "/cs/home_ph1" mount: external mount: argv[3] = "-v" mount: external mount: argv[4] = "-o" mount: external mount: argv[5] = "rw,sec=krb5" mount.nfs4: timeout set for Mon Dec 6 13:25:05 2010 mount.nfs4: text-based options: 'sec=krb5,clientaddr=140.107.142.161,addr=10.111.42.120' home:/vol/home_ph1 on /cs/home_ph1 type nfs4 (rw,sec=krb5)
I found the problem. nfs-client replaces /usr/sbin/rpc.gssd, and we have a later version of rpc.gssd that apparently has some bug fixed. Replacing the "updated" version of rpc.gssd with our version fixed the problem, and kerberized NFS4 mounts are working again. This is all very well for us, but that means other people (if any!) who rely on kerberized NFS4 got clobbered by this update.
Olaf Kirch, could you please, please make this work permanently ? https://bugzilla.novell.com/show_bug.cgi?id=614293 Thanks much
This appears to be a duplicate of bug 614293 i.e. something wrong with rpc.gssd. *** This bug has been marked as a duplicate of bug 614293 ***