linux-nfs.vger.kernel.org archive mirror
From: Kevin Coffman <kwc@citi.umich.edu>
To: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Cc: linux-nfs@vger.kernel.org
Subject: Re: trouble using kerberos between linux client and server
Date: Tue, 17 Aug 2010 13:56:26 -0400
Message-ID: <AANLkTim2LL+utWDeEUWrgyrSuNiQv0HeUTPLn7oPNKK2@mail.gmail.com>
In-Reply-To: <4C66B207.5060101@inria.fr>

On Sat, Aug 14, 2010 at 11:11 AM, Guillaume Rousse
<Guillaume.Rousse@inria.fr> wrote:
> On 13/05/2010 23:13, Guillaume Rousse wrote:
>> On 13/05/2010 14:55, Kevin Coffman wrote:
>>> On Thu, May 13, 2010 at 5:09 AM, Guillaume Rousse
>>> <Guillaume.Rousse@inria.fr> wrote:
>>>> On 13/05/2010 01:21, Kevin Coffman wrote:
>>>>> On Wed, May 12, 2010 at 5:37 PM, Guillaume Rousse
>>>>> <Guillaume.Rousse@inria.fr> wrote:
>>>>>> On 05/05/2010 23:18, Guillaume Rousse wrote:
>>>>>>> I'm attaching a network capture, even though I can't figure out
>>>>>>> additional information from it by myself.
>>>>>> Reading https://bugzilla.redhat.com/show_bug.cgi?id=562807, I rebuilt
>>>>>> libtirpc with patch applied and -DDEBUG. Unfortunately, it doesn't bring
>>>>>> additional information about the server-side failure :(
>>>>>
>>>>> It looks to me like fflush(), called in qword_eol(), may be returning
>>>>> the number of bytes flushed (95) rather than zero for success?  I
>>>>> don't immediately see any changes that would cause this.  But I
>>>>> haven't looked extensively...
>>>> Not necessarily a change: I never used a kerberized server so far, only
>>>> clients.
>>>
>>> Well, I've not seen that issue before, so I assumed it was a change.
>>> I looked back a bit, but didn't see: what versions of nfs-utils and
>>> kernel are on the server?
>> The same on both sides: kernel 2.6.33.3 + nfs-utils 1.2.2
> Hello.
>
> I finally managed to understand the issue: I also need rpc.svcgssd _and_
> rpc.gssd on server side, whereas I thought rpc.gssd was needed on client
> side only
> (http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos). Is this
> expected behaviour?

Wow, I'm glad you finally found it.

rpc.svcgssd is always required on the server if you are using
Kerberos.  rpc.gssd is required on the server if you want delegations
to work when using Kerberos (requires authenticated callback from the
server to the client).  It was my understanding that no ill effects
should be seen if you do not run rpc.gssd on the server, you just
wouldn't be able to give out delegations.  However, I may be
mis-remembering something.

K.C.
