Bug 147233
| Summary: | NFSv3 over Kerberos: gss_get_mic FAILED during xdm login attempt | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Chuck Lever <cel> | ||||||
| Component: | kernel | Assignee: | Steve Dickson <steved> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 4.0 | CC: | davej, kanderso, poelstra, wtogami | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | RHSA-2005-514 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2005-10-05 12:45:04 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 156322 | ||||||||
| Attachments: |
|
||||||||
|
Description
Chuck Lever
2005-02-04 22:16:03 UTC
Created attachment 110681 [details]
patch 1/2 from trond
Created attachment 110682 [details]
patch 2/2 from trond
Confirmed: this problem also exists in RHEL 4 (2.6.9-5.0.3EL). ETA for a fix? Chuck, In http://people.redhat.com/steved/bz147233 is a RHEL4 kernel that contains these patches. I'm in the process of setting up a test environment to reproduce the problem and ensure the patchs solve the problem.... but... If, by chance, you have an environment that you could 'pop' this kernel into to also verify the problem is fix, that would good and definitely appreciated!! ;-) BTW... If you need a different flavor of kernel like x86_64 or such just let me know... tia... i set up my desktop system to use NFSv3 with kerberos for my home directory, and booted your test kernel. logged out before going home yesterday, and tried to log in this morning, but it failed: Using username "cel". cel.umich.edu's password: Last login: Wed Jul 13 20:31:19 2005 from adsl-68-248-33-186.dsl.sfldmi.ameritech.net Could not chdir to home directory /home/cel: Input/output error -bash: /home/cel/.bash_profile: Input/output error -bash-3.00$ these messages appeared in the log: Jul 14 08:40:30 dexter sshd(pam_unix)[4634]: session opened for user cel by (uid=0) Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:40:31 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:40:31 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:41:02 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:41:02 dexter kernel: RPC: call_header failed, exit EIO Jul 14 08:41:02 dexter kernel: gss_marshal: gss_get_mic FAILED (786432) Jul 14 08:41:02 dexter kernel: RPC: call_header failed, exit EIO this appears to be the same behavior as before... my bad... it appears the was a typo in the spec file that stop the patch from being applied... I'm rebuilding a new kernel at this moment... It might take a few minutes depending on the health of our build system... Question: I got a system set up to test this out, but is there any type of pam configures I need to do so I get a ticket when I log in? I've always just used kinit to get tickets so I'm not clear as what has to happen at during login.... As always, thats for you help!! its much appreciated... the root cause is that the server is expiring it's GSS context before the client expires its context and credential. the next day, logging in attempts to access files in a directory using the client's cached context, which the server has by now long forgotten. the bugs are in the client-side GSS logic that is supposed to recover from this situation. so you can use login (after waiting for the server context to expire) to reproduce this easily. but you can also do this by hand simply by mounting a file system with NFS and krb5, kinit'ing, and waiting overnight. i used "authconfig" to set up the PAM configuration on my system to acquire kerberos credentials on login. just select the "Kerberos 5 authentication" option. thanks... I'll try to the authconfig thing, if that doesn't work I figure something out.... Anyways, I updated the kernels in http://people.redhat.com/steved/bz147233 downloaded and installed your latest on friday. i've logged in twice over the weekend, and all appears to be working correctly on the client side now. however, i see this on the filer, both with RHEL 4 update 1 and with your kernel: Sun Jul 17 13:18:05 EDT [nfsd.rpc.request.bad:warning]: Client 141.211.133.33 is sending bad rpc requests with error: RPC version mismatch or authenication error(73) Sun Jul 17 13:18:05 EDT [nfsd.auth.status.bad:warning]: Client 141.211.133.33 has an authentication error 14 Sun Jul 17 13:18:05 EDT [nfsd.rpc.request.bad:warning]: Client 141.211.133.33 is sending bad rpc requests with error: RPC version mismatch or authenication error(73) Sun Jul 17 13:18:05 EDT [nfsd.auth.status.bad:warning]: Client 141.211.133.33 has an authentication error 14 but i suspect this is a different problem. i will check this with a current kernel.org kernel to see if it is resolved there. My test also showed the problem seem to be fixed with the above kernel. Unfortunately, it seems my messaging on my filer is not set up correctly since /etc/log/messages is symbolicly linked to /etc/messages which does not exist. Is there another way to look at the filer's log? An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html |