Bug 1005231
| Field | Value |
|---|---|
| Summary | wrong ad machine name principal search in rpc.gssd |
| Product | Red Hat Enterprise Linux 6 |
| Component | nfs-utils |
| Version | 6.4 |
| Hardware | x86_64 |
| OS | Unspecified |
| Status | CLOSED DUPLICATE |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | E. de Vries <E.deVries> |
| Assignee | Steve Dickson <steved> |
| QA Contact | Red Hat Kernel QE team <kernel-qe> |
| CC | bugzilla, R.Smits |
| Target Milestone | rc |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2014-04-28 17:16:03 UTC |

This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

This bug also exists in latest nfs-utils (nfs-utils-1.2.8-6.0.fc19.x86_64) for Fedora 19, in which the patched patch nfs-utils-1.2.3-krb5-ad-style-short-host.patch has already been integrated. However, the same basic change looks like it would work. Should a separate bug be opened for Fedora?

Created attachment 833678
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal
This attachment is the exact same change as the patch against the RHEL 6 version, but against the current fedora 19 nfs-utils version (nfs-utils-1.2.8-6.0).
I have tested that it "works" for retrieving the correct key from the local keytab in a standard winbind environment where HOST$@REALM.COM is present, but the value returned by "gethostname" is "host.domain.com".
I'm happy to open a separate bug against Fedora if desired.

(In reply to David Mansfield from comment #4)
> Created attachment 833678
> patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal
>
> This attachment is the exact same change as the patch against the RHEL 6 version, but against the current fedora 19 nfs-utils version (nfs-utils-1.2.8-6.0).
>
> I have tested that it "works" for retrieving the correct key from the local keytab in a standard winbind environment where HOST$@REALM.COM is present, but the value returned by "gethostname" is "host.domain.com".
>
> I'm happy to open a separate bug against Fedora if desired.

Would you be comfortable sending a patch to the NFS upstream community? The HOWTO is here:
https://www.kernel.org/doc/Documentation/SubmittingPatches
And the list address is: Linux NFS Mailing list <linux-nfs.org>

I'll be more than willing to help you through the process...

*** This bug has been marked as a duplicate of bug 1067423 ***

I got a NEEDINFO tickler but I think bugzilla is confused. AFAICT this issue is probably fixed upstream (see dup).

Created attachment 794739
patch for short hostname

Description of problem:
rpc.gssd is searching for an AD machine name principal with the fully qualified domain name instead of the short name.

Log with rpc.gssd -vvv (domain and realm name changed):

```
Sep 6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for KOVA-01.EXAMPLE.COM$@REALM while getting keytab entry for 'KOVA-01.EXAMPLE.COM$@REALM'
Sep 6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for root/kova-01.example.com@REALM while getting keytab entry for 'root/kova-01.example.com@REALM'
Sep 6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for nfs/kova-01.example.com@REALM while getting keytab entry for 'nfs/kova-01.example.com@REALM'
Sep 6 10:51:03 kova-01 rpc.gssd[1734]: Success getting keytab entry for 'host/kova-01.example.com@REALM'
```

The search for key table entry KOVA-01.EXAMPLE.COM$@REALM should be KOVA-01$@REALM to get a valid AD machine account name.

Version-Release number of selected component (if applicable):
nfs-utils-1.2.3-36

Additional info:
The code for the generation of the AD machine name principal is found in the nfs-utils-1.2.3-krb5-ad-style.patch in the nfs-utils-1.2.3-36.el6.src.rpm. A minor change in the patchfile solves this problem. You will find a patch for the patchfile as attachment. The patch works fine in my case and generates the short machine name without domain.

Regards,
Erik de Vries
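
The principal construction described in the report, as an added example that is not part of the bug report, its attachments, or nfs-utils: it builds the AD-style machine principal from the first DNS label only, next to the FQDN-based form seen in the log. The function names are hypothetical; the hostname and realm are the sample values from the log above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Write "<HOST[0..n)>$@<realm>" upper-casing the host part.
 * Returns 0 on success, -1 if the host part is empty or out is too small. */
static int build_principal(const char *host, size_t n, const char *realm,
                           char *out, size_t outlen)
{
    size_t need = n + 2 /* "$@" */ + strlen(realm) + 1 /* NUL */;

    if (n == 0 || need > outlen)
        return -1;
    /* The keytab entries in the report are upper case (KOVA-01$@REALM). */
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)host[i]);
    snprintf(out + n, outlen - n, "$@%s", realm);
    return 0;
}

/* Requested behaviour: use only the label before the first '.', so a
 * gethostname() result of "kova-01.example.com" yields KOVA-01$@REALM. */
int ad_machine_principal(const char *hostname, const char *realm,
                         char *out, size_t outlen)
{
    return build_principal(hostname, strcspn(hostname, "."), realm, out, outlen);
}

/* Behaviour seen in the log: the whole FQDN becomes the account name. */
int ad_machine_principal_fqdn(const char *hostname, const char *realm,
                              char *out, size_t outlen)
{
    return build_principal(hostname, strlen(hostname), realm, out, outlen);
}

int main(void)
{
    char buf[256];
    const char *host = "kova-01.example.com"; /* sample value from the log */

    if (ad_machine_principal_fqdn(host, "REALM", buf, sizeof buf) == 0)
        printf("FQDN-based : %s\n", buf);
    if (ad_machine_principal(host, "REALM", buf, sizeof buf) == 0)
        printf("short-name : %s\n", buf);
    return 0;
}
```

A host that already returns a short name from gethostname() produces the same principal from both functions, which is why the mismatch only shows up on machines configured with an FQDN hostname.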