Date: Sun, 24 Dec 2023 15:00:17 -0800 From: Rick Macklem <rick.macklem@gmail.com> To: bugzilla-noreply@freebsd.org Cc: fs@freebsd.org Subject: Re: [Bug 275905] nfs client: mount becomes unresponsive Message-ID: <CAM5tNy6rRctKx82aASszCrYt%2B3JQM9fkfGddvEszy3vaamFkYA@mail.gmail.com> In-Reply-To: <bug-275905-3630-6ETlTCWkCp@https.bugs.freebsd.org/bugzilla/> References: <bug-275905-3630@https.bugs.freebsd.org/bugzilla/> <bug-275905-3630-6ETlTCWkCp@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 24, 2023 at 8:01=E2=80=AFAM <bugzilla-noreply@freebsd.org> wrot= e: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275905 > > --- Comment #5 from Lexi <lexi.freebsd@le-fay.org> --- > the client keytab should be fine, since i only created it about 2 days ag= o when > i installed this host and there was no previous principal for this fqdn. > > 'kinit -k host/fqdn' on the client seems to work: > > # kinit -k host/ilythia.eden.le-fay.org > # klist > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: host/ilythia.eden.le-fay.org@EDEN.LE-FAY.ORG > > Issued Expires Principal > Dec 24 15:54:16 2023 Dec 25 01:54:16 2023 > krbtgt/EDEN.LE-FAY.ORG@EDEN.LE-FAY.ORG > > > Does this hang occur frequently or was this a "one time" hang on a moun= t that usually behaves ok? > > as i mentioned, i only installed this host 2 days ago, so i can't say for= sure, > but so far it has reliably occurred twice about 10 hours after booting so= it > seems to be 100% reproducible. (iow, it never *hasn't* occurred at that = time.) > > in the mean time, i've temporarily switched the mount from sec=3Dkrb5p to > sec=3Dkrb5 to see if this fixes the issue; aiui, this means no GSS should= be > involved after the initial mount, so i expect it will, but i'm happy to d= o any > other testing you need. Not exactly. sec=3Dkrb5 says that a RPCSEC_GSS (think Kerberos) session is used to identify the user for all RPCs. The difference w.r.t. krb5p is t= hat it does not encrypt the NFS payload. I doubt it will make any difference, but it sounds like you'll know soon en= ough. I now have a hunch w.r.t. what might be broken, but I need to look at the c= ode (and if my hunch seems correct) and maybe come up with a patch. You could try the "syskrb5" mount option, which avoids use of the keytab an= d allows "system operations that maintain the state" to use AUTH_SYS, while t= he rest (all involving file data) use Kerberos. (If my hunch is correct, this will not fix the problem, but might cause it to behave better.) rick > > -- > You are receiving this mail because: > You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy6rRctKx82aASszCrYt%2B3JQM9fkfGddvEszy3vaamFkYA>