From: Simo Sorce <simo@redhat.com>
To: Weston Andros Adamson <dros@netapp.com>
Cc: Jeff Layton <jlayton@poochiereds.net>,
linux-nfs list <linux-nfs@vger.kernel.org>
Subject: Re: Strange cred expiry behavior
Date: Tue, 22 Oct 2013 12:23:15 +0000 [thread overview]
Message-ID: <1382444595.9794.20.camel@willson.li.ssimo.org> (raw)
In-Reply-To: <4BDA1624-63A7-4325-BB4B-4988C1D37127@netapp.com>
On Tue, 2013-10-22 at 02:38 +0000, Weston Andros Adamson wrote:
> On Oct 21, 2013, at 10:31 PM, Weston Andros Adamson <dros@netapp.com>
> wrote:
>
> >
> > On Oct 21, 2013, at 10:23 PM, Jeff Layton <jlayton@poochiereds.net> wrote:
> >
> >> On Mon, 21 Oct 2013 23:53:16 +0000
> >> Weston Andros Adamson <dros@netapp.com> wrote:
> >>
> >>> I traced this behavior back to:
> >>>
> >>> commit 302de786930a2c533068f9d8909a817b40f07c32
> >>> Author: Simo Sorce <simo@redhat.com>
> >>> Date: Fri Apr 19 13:02:36 2013 -0400
> >>>
> >>> gssd: Allow GSSAPI to try to acquire credentials first.
> >>>
> >>>
> >>> And in particular:
> >>>
> >>> - for (dirname = ccachesearch; *dirname != NULL; dirname++) {
> >>> + /* Try first to acquire credentials directly via GSSAPI */
> >>> + err = gssd_acquire_user_cred(uid, &gss_cred);
> >>> + if (!err)
> >>> + create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
> >>> + AUTHTYPE_KRB5, gss_cred);
> >>> + /* if create_auth_rplc_client fails try the traditional method of
> >>> + * trolling for credentials */
> >>> + for (dirname = ccachesearch; create_resp != 0 && *dirname != NULL; dirname++) {
> >>>
> >>
> >>
> >>> A couple of things:
> >>>
> >>> - If I get rid of the "Try first to acquire credentials directly via GSSAPI" part, expiry works as before.
> >>>
> >>
> >>
> >> Steve just merged a couple of patches from me that change this code
> >> some. It's probably worth testing with those before you make any
> >> changes.
> >>
> >
> > Thanks, I'll check it out.
>
> Bisecting brought me to 302de786930a2c533068f9d8909a817b40f07c32 and
> I've confirmed that the problem is still in steved's master branch as
> of today. Are you sure the patches you're thinking of have been
> merged?
TBH I do not expect those patches to make any difference in this case.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
next prev parent reply other threads:[~2013-10-22 12:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-21 20:07 Strange cred expiry behavior Weston Andros Adamson
2013-10-21 23:53 ` Weston Andros Adamson
2013-10-22 2:23 ` Jeff Layton
2013-10-22 2:31 ` Weston Andros Adamson
2013-10-22 2:38 ` Weston Andros Adamson
2013-10-22 8:48 ` Steve Dickson
2013-10-22 12:23 ` Simo Sorce [this message]
2013-10-22 12:20 ` Simo Sorce
2013-10-22 12:52 ` Weston Andros Adamson
2013-10-22 13:59 ` Weston Andros Adamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1382444595.9794.20.camel@willson.li.ssimo.org \
--to=simo@redhat.com \
--cc=dros@netapp.com \
--cc=jlayton@poochiereds.net \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.