Date: Wed, 05 Apr 2023 01:08:28 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 270592] nfsv4 /etc/exports with -sec=krb5p gives permission denied Message-ID: <bug-270592-3630-dxKAmQ4bje@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-270592-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-270592-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270592 --- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> --- Linux clients love to use krb5i for state maintenance operations no matter what you specify. If you capture packets when the mount is done and then look at them in wireshark, I'm pretty sure you'll find it using "integrity" (in the RPC credential) for RPCs that do stuff like EXCHANGEID, CREATESESSION, RECLAIM_COMPLETE. The Linux folk consider this a feature, for NFSv4.1/4.2 mounts. (A mount with "minorversion=3D0" would probably work, but you don't want to use 4.0 when 4.1/4.2 is supported.) It just so happens I reported this to linux-nfs@vger.kernel.org and, if you look at the reply in the email archive for it, you'll see they consider it a feature. (For my case it was sec=3Dkrb5, but I think you'll find it is the same.) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-270592-3630-dxKAmQ4bje>