From owner-freebsd-fs@FreeBSD.ORG  Thu Feb 21 16:18:56 2013
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Delivered-To: freebsd-fs@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 593EFD3
 for <freebsd-fs@freebsd.org>; Thu, 21 Feb 2013 16:18:56 +0000 (UTC)
 (envelope-from momchil@xaxo.eu)
Received: from vps2.xaxo.eu (vps2.xaxo.eu [78.47.156.66])
 by mx1.freebsd.org (Postfix) with ESMTP id DB75422B
 for <freebsd-fs@freebsd.org>; Thu, 21 Feb 2013 16:18:55 +0000 (UTC)
Received: from vps2.xaxo.eu (localhost [127.0.0.1])
 by vps2.xaxo.eu (8.14.4/8.14.4) with ESMTP id r1LGIroG093454;
 Thu, 21 Feb 2013 17:18:53 +0100 (CET) (envelope-from momchil@xaxo.eu)
Received: (from www@localhost)
 by vps2.xaxo.eu (8.14.4/8.14.4/Submit) id r1LGIr6f093453;
 Thu, 21 Feb 2013 17:18:53 +0100 (CET) (envelope-from momchil@xaxo.eu)
X-Authentication-Warning: vps2.xaxo.eu: www set sender to momchil@xaxo.eu
 using -f
Received: from 139.18.9.22 (SquirrelMail authenticated user space)
 by webmail.xaxo.eu with HTTP; Thu, 21 Feb 2013 17:18:53 +0100
Message-ID: <d112e84c5a294f5e009e8eac4eb0cf19.squirrel@webmail.xaxo.eu>
Date: Thu, 21 Feb 2013 17:18:53 +0100
Subject: Re: NFS + Kerberos
From: "Momchil Ivanov" <momchil@xaxo.eu>
To: "Rick Macklem" <rmacklem@uoguelph.ca>
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: freebsd-fs@freebsd.org
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2013 16:18:56 -0000

On Thu, February 21, 2013 12:10 am, Rick Macklem wrote:
> I would have thought kerberos was rebuilt for make buildworld. If you
use heimdal from somewhere else (ports or their distro), I don't think
that needs to be rebuilt, since I don't think the ..pname_to_uid()
function is a part of a generic heimdal distribution, but I am not sure.
>
> Be sure to change buf[128] --> buf[1024] in both:
> kerberos5/lib/libgssapi_krb5/pname_to_uid.c
> usr.sbin/gssd/gssd.c
>
> (Or paths close to that. I might not have remembered them quite
> correctly;-)

this change allows for yet another entry in the kdc log:

2013-02-21T17:03:43 TGS-REQ user@EXAMPLE.LOCAL from IPv4:X.X.X.X for
nfs/srv.example.local@EXAMPLE.LOCAL
2013-02-21T17:03:44 TGS-REQ authtime: 2013-02-21T17:02:03 starttime:
2013-02-21T17:03:43 endtime: 2013-02-22T03:02:00 renew till: unset
2013-02-21T17:03:44 sending 612 bytes to IPv4:X.X.X.X

which seems promising, but I still get:

$ mount -t nfs -o nfsv4,sec=krb5i srv.example.local:/ /mnt/srv
  mount_nfs: can't update /var/db/mounttab for srv.example.local:/ nfsv4
err=10016
  mount_nfs: /mnt/srv, : Input/output error

do you happen to have any other ideas?

Thank you,
Momchil