Date: Tue, 19 Feb 2013 09:47:36 +0100
From: "Momchil Ivanov" <momchil@xaxo.eu>
To: "Rick Macklem" <rmacklem@uoguelph.ca>
Cc: freebsd-fs@freebsd.org, Momchil Ivanov <momchil@xaxo.eu>
Subject: Re: NFS + Kerberos
Message-ID: <86a88ac8bb038ec5d8034724dcf80924.squirrel@webmail.xaxo.eu>
In-Reply-To: <1794994447.3103158.1361231818953.JavaMail.root@erie.cs.uoguelph.ca>
References: <1794994447.3103158.1361231818953.JavaMail.root@erie.cs.uoguelph.ca>
On Tue, February 19, 2013 12:56 am, Rick Macklem wrote:
> Thanks to Elias's hard work, a bug/fix has just been isolated in the
> Kerberos library that causes the gssd to fail to translate a principal
> to a uid. The fix is to increase the size of the buffer passed to
> getpwnam_r(). See this thread:
> http://docs.FreeBSD.org/cgi/mid.cgi?CADtN0WKVzbKxhaLQw8y2KLhhRJC9n4ht9wyPmGQ+pHqSjQkVNw
>
> I haven't run into this bug, so I don't know what systems are affected,
> but it would explain why you can't get it working.
>
> I'd suggest you apply the patch in the email (increase buf to 1024) and
> then try again with libraries built with the patch.

Do I have to apply the patch to the server only and then rebuild world or
do I have to do the same on the client too? And do I need to rebuild
heimdal on both machines?

btw, I checked the logs of the kdc and could not see any trace of the nfs
server trying to validate the client's ticket... Frankly, I don't know what
I should expect there, I haven't used kerberos before, so I have no idea if
it's related to the bug. Here is part of the log:

AS-REQ user@EXAMPLE.LOCAL from IPv4:X.X.X.X for krbtgt/EXAMPLE.LOCAL@EXAMPLE.LOCAL
No preauth found, returning PREAUTH-REQUIRED -- user@EXAMPLE.LOCAL
sending 407 bytes to IPv4:X.X.X.X
AS-REQ user@EXAMPLE.LOCAL from IPv4:X.X.X.X for krbtgt/EXAMPLE.LOCAL@EXAMPLE.LOCAL
Client sent patypes: encrypted-timestamp
Looking for PKINIT pa-data -- user@EXAMPLE.LOCAL
Looking for ENC-TS pa-data -- user@EXAMPLE.LOCAL
ENC-TS Pre-authentication succeeded -- user@EXAMPLE.LOCAL using des-cbc-crc
Client supported enctypes: des-cbc-crc
Using des-cbc-crc/aes256-cts-hmac-sha1-96
AS-REQ authtime: 2013-02-11T23:45:44 starttime: unset endtime: 2013-02-12T09:45:39 renew till: unset
sending 552 bytes to IPv4:X.X.X.X

Thank you,
Momchil
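An added example, not part of this message and not the patch from the linked thread: the quoted fix enlarges a fixed buffer handed to getpwnam_r(), and the sketch below shows the more general defensive pattern of growing the buffer whenever the call reports ERANGE. It assumes the original failure was an undersized buffer reported that way; `name_to_uid` and `MAX_PWBUF` are hypothetical names.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

#define MAX_PWBUF (1u << 20)   /* assumed upper bound, not from the thread */

/*
 * Hypothetical helper: map a local user name to a uid.
 * Returns 0 on success, ENOENT if no such user, or another errno value.
 * initial_len is the first buffer size tried; it is doubled on ERANGE,
 * so a long passwd entry is not mistaken for "no such user".
 */
int name_to_uid(const char *name, size_t initial_len, uid_t *uid_out)
{
    size_t len = initial_len ? initial_len : 1;
    char *buf = NULL;
    int rc;

    for (;;) {
        struct passwd pw, *res = NULL;
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { rc = ENOMEM; break; }
        buf = tmp;

        rc = getpwnam_r(name, &pw, buf, len, &res);
        if (rc == 0 && res != NULL) { *uid_out = pw.pw_uid; break; }
        if (rc == 0) { rc = ENOENT; break; }   /* no matching entry */
        if (rc != ERANGE) break;               /* genuine lookup failure */
        if (len >= MAX_PWBUF) break;           /* give up, report ERANGE */
        len *= 2;                              /* entry did not fit: grow */
    }
    free(buf);
    return rc;
}

int main(void)
{
    uid_t uid;
    int rc = name_to_uid("root", 16, &uid);    /* deliberately small start */

    if (rc == 0)
        printf("root -> uid %lu\n", (unsigned long)uid);
    else
        printf("lookup failed: errno %d\n", rc);
    return 0;
}
```

Code that treats every non-zero return from getpwnam_r() as "unknown user" turns a buffer-size problem into an identity-mapping failure, which is the class of symptom described in the quoted text.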