Date: Mon, 3 Sep 2012 15:25:38 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: Herbert Poeckl <freebsdml@ist.tugraz.at> Cc: freebsd-stable@FreeBSD.org Subject: Re: Need help with nfsv4 and krb5 access denied Message-ID: <233953231.1437527.1346700338839.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <5044D574.3050305@ist.tugraz.at>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_1437526_780559.1346700338836 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Herbert Poeckl wrote: > On 6/25/12 1:21 PM, Herbert Poeckl wrote: > > We are getting access denied error on our debian clients when > > mounting > > nfsv4 network drives with kerberos 5 authentication. > > > > What is wired about this, is that it works with one server, but not > > with > > a second server. > [..] > > For the records: > > The problem was fixed in this post: > http://lists.freebsd.org/pipermail/freebsd-fs/2012-August/015047.html > Ok, so are you saying that the patch in Attila's email fixed your problem? If so, please try the attached patch. (It doesn't set the client security handle stale when DESTROY fails, due to an invalid encrypted checksum. It is similar to his patch, but only for the DESTROY case, which seems to be ok to do from my understanding of the RPCSEC_GSS. It doesn't include the timer changes, which shouldn't affect the outcome from afaik.) To consider the client security handle still valid when a data (real RPC in the message) phase entry fails the encrypted checksum seems riskier to do, so I'd like to avoid that in any patch for head. rick > Kind regards, > Herbert Poeckl > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" ------=_Part_1437526_780559.1346700338836 Content-Type: text/x-patch; name=rpcsec-destroy.patch Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=rpcsec-destroy.patch LS0tIHJwYy9ycGNzZWNfZ3NzL3N2Y19ycGNzZWNfZ3NzLmMuc2F2CTIwMTItMDktMDEgMTk6MjA6 MzUuMDAwMDAwMDAwIC0wNDAwCisrKyBycGMvcnBjc2VjX2dzcy9zdmNfcnBjc2VjX2dzcy5jCTIw MTItMDktMDEgMTk6MjQ6MTUuMDAwMDAwMDAwIC0wNDAwCkBAIC05ODQsNyArOTg0LDcgQEAgc3Zj X3JwY19nc3NfYWNjZXB0X3NlY19jb250ZXh0KHN0cnVjdCBzdgogCiBzdGF0aWMgYm9vbF90CiBz dmNfcnBjX2dzc192YWxpZGF0ZShzdHJ1Y3Qgc3ZjX3JwY19nc3NfY2xpZW50ICpjbGllbnQsIHN0 cnVjdCBycGNfbXNnICptc2csCi0gICAgZ3NzX3FvcF90ICpxb3ApCisgICAgZ3NzX3FvcF90ICpx b3AsIHJwY19nc3NfcHJvY190IGdjcHJvYykKIHsKIAlzdHJ1Y3Qgb3BhcXVlX2F1dGgJKm9hOwog CWdzc19idWZmZXJfZGVzYwkJIHJwY2J1ZiwgY2hlY2tzdW07CkBAIC0xMDI0LDcgKzEwMjQsOCBA QCBzdmNfcnBjX2dzc192YWxpZGF0ZShzdHJ1Y3Qgc3ZjX3JwY19nc3NfCiAJaWYgKG1hal9zdGF0 ICE9IEdTU19TX0NPTVBMRVRFKSB7CiAJCXJwY19nc3NfbG9nX3N0YXR1cygiZ3NzX3ZlcmlmeV9t aWMiLCBjbGllbnQtPmNsX21lY2gsCiAJCSAgICBtYWpfc3RhdCwgbWluX3N0YXQpOwotCQljbGll bnQtPmNsX3N0YXRlID0gQ0xJRU5UX1NUQUxFOworCQlpZiAoZ2Nwcm9jICE9IFJQQ1NFQ19HU1Nf REVTVFJPWSkKKwkJCWNsaWVudC0+Y2xfc3RhdGUgPSBDTElFTlRfU1RBTEU7CiAJCXJldHVybiAo RkFMU0UpOwogCX0KIApAQCAtMTM1OCw3ICsxMzU5LDcgQEAgc3ZjX3JwY19nc3Moc3RydWN0IHN2 Y19yZXEgKnJxc3QsIHN0cnVjdAogCQkJYnJlYWs7CiAJCX0KIAotCQlpZiAoIXN2Y19ycGNfZ3Nz X3ZhbGlkYXRlKGNsaWVudCwgbXNnLCAmcW9wKSkgeworCQlpZiAoIXN2Y19ycGNfZ3NzX3ZhbGlk YXRlKGNsaWVudCwgbXNnLCAmcW9wLCBnYy5nY19wcm9jKSkgewogCQkJcmVzdWx0ID0gUlBDU0VD X0dTU19DUkVEUFJPQkxFTTsKIAkJCWJyZWFrOwogCQl9Cg== ------=_Part_1437526_780559.1346700338836--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?233953231.1437527.1346700338839.JavaMail.root>