Re: lockd and krb5

["J. Bruce Fields" <bfields@fieldses.org>]

On Sun, Nov 19, 2006 at 06:31:57PM +0100, Helge Bahmann wrote:
> Am Freitag, 17. November 2006 19:44 schrieben Sie:
> > On Fri, Nov 17, 2006 at 09:22:40AM +0100, Helge Bahmann wrote:
> > > > > > Is the KDE startup that often triggers this at initial login, or at
> > > > > > some other time?
> > > > >
> > > > > seems completely erratic; it happens both at initial login as well as
> > > > > second login (after successful logout, but before credentials
> > > > > expire); if there is any regularity at all then it seems that initial
> > > > > login seems more likely to succeed
> > > >
> > > > Is the filesystem exported under both secuirty flavors (krb5 and sys),
> > > > with the export options otherwise the same?
> > >
> > > it is exported to the following clients:
> > > *(ro,all_sqash,fsid=9)
> > > test.client.for.auth_unix(rw,sync,fsid=9)
> > > gss/krb5(rw,sync,fsid=9)
> >
> > Do you see the same problems if your exports all have the same options?
> > E.g.
> >
> > 	*(rw,sync,fsid=9)
> > 	gss/krb5(rw,sync,fsid=9)
> 
> this seems kind of pointless because then I would be exporting the whole 
> filesystem with "sys" security which is exactly what I want to avoid

I agree; but knowing whether you can reproduce the same problem with the
above configuration might help determine where exactly the bug is.

(Unfortunately, though, there's a known problem here: since the lockd
client always uses auth_sys, locking will not work on a client that
doesn't have auth_sys access to the export.  I'm not sure yet what the
right fix is for that problem.)

> but AFAIC remember the server had an active export entry with sys
> security for the test machine with the exact same options as for
> gss/krb5, only "world" export was marked ro,all_squash during the gss
> test

Yes, I'm not sure why that didn't work.

> but I will make sure to include this when I try to capture traffic
> logs next week

Thanks.--b.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs