Bug: Cleaning up of kerberos credentials by SSH with kerberized NFS leads to excessive log spam by rpc.gssd

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Bug: Cleaning up of kerberos credentials by SSH with kerberized NFS leads to excessive log spam by rpc.gssd
@ 2010-07-06 12:45 Mika Fischer
  0 siblings, 0 replies; only message in thread
From: Mika Fischer @ 2010-07-06 12:45 UTC (permalink / raw)
  To: linux-nfs

Hi,

we're having the following problem at our institute where we use
Kerberos to secure our NFS mounts.

This is copied from the OpenSuSE bug report here:
https://bugzilla.novell.com/show_bug.cgi?id=620066

----
SSH by default deletes Kerberos credentials when a user logs out.

If the user left a program running (for instance via screen), and if Kerberos
credentials are needed to access the home directories (kerberized NFS),
rpc.gssd will fail to obtain Kerberos credentials.

The problem is that it generates excessive amounts of warnings in the syslog to
this effect (about 1100 warnings per second), which then quickly fill up the
hard drive.

Reproducible: Always

Steps to Reproduce:
1. Log in (via SSH) to host that mounts home directory via kerberized NFS
2. Start screen with some process accessing the home dir inside
3. Detach screen
4. Close SSH session
5. Wait for rpc.gssd credentials cache to expire
Actual Results:
When the process still running on the target host tries to access the home
directory, rpc.gssd will try and fail to obtain kerberos credentials for the
user. It will then spam the syslog with the following warning
----
<date> <hostname> rpc.gssd[<pid>]: WARNING: Failed to create krb5 context for
user with uid <uid> for server <other hostname>
----
This is repeated ad infinitum until the offending process is killed manually.
The logfile otherwise quickly fills up the partition.

Expected Results:
Maybe one warning or no warning at all should be emitted (the latter is the
case for *expired* credentials). See also
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/293705 for the case of
expired credentials.
----

So it seems that for the case of expired credentials, this problem has
been addressed already. Now we're having the same problem with missing
credentials. Are we doing something wrong? I'm surprised that not more
people have run into this problem.

Any advice would be much appreciated.

Best,
 Mika
-- 
Mika Fischer                     email:  mika.fischer@kit.edu
Institut für Anthropomatik      phone:  +49 721 608 4735
Universität Karlsruhe (TH)      fax:    +49 721 60 77 21
Adenauerring 2                   web:    http://cvhci.ira.uka.de/~mfischer
76131 Karlsruhe                  office: room 228, building 50.20

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2010-07-06 13:04 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-06 12:45 Bug: Cleaning up of kerberos credentials by SSH with kerberized NFS leads to excessive log spam by rpc.gssd Mika Fischer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).