1. Please describe the problem:
When trying to use 'sec=krb5i' (or other krb5x variants) with kernel 6.4+, mounting NFS shares fails:
| # mount -t nfs -o nodev,noexec,nosuid,ro,sec=krb5i sciurus.intern.sigma-chemnitz.de:/mirror /mnt/
| mount.nfs: access denied by server while mounting sciurus.intern.sigma-chemnitz.de:/mirror
When going back to 6.3.13-200.fc38.x86_64, things works as expected.
In good case, tcpdump shows that client tries to start two sessions. First one contains a plaintext `EXCHANGE_ID` and this first session is aborted with "Access denied". Then, clients starts another session with GSS data in `EXCHANGE_ID` and this session is accepted.
In bad case, only the plaintext `EXCHANGE_ID` seems to be sent.
Server is RHEL8.8 (kernel-4.18.0-477.21.1.el8_8.x86_64)
2. What is the Version-Release number of the kernel:
3. Did it work previously in Fedora? If so, what kernel version did the issue
*first* appear?
5. Does this problem occur with the latest Rawhide kernel?
Bad:
kernel-6.4.4-200.fc38.x86_64
kernel-6.4.8-200.fc38.x86_64
kernel-6.5.0-0.rc5.20230811git25aa0bebba72.40.fc40.x86_64
Ok:
kernel-6.3.13-200.fc38.x86_64
4. Can you reproduce this issue? If so, please provide the steps to reproduce
the issue below:
To install the
Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
``sudo dnf update --enablerepo=rawhide kernel``:
6. Are you running any modules that not shipped with directly Fedora's kernel?:
no
Reproducible: Always
kernel 6.4 offers more enctypes; e.g. kernel 6.3 shows
| handle_gssd_upcall(0x7f6d05a6d840): 'mech=krb5 uid=0 service=* enctypes=18,17' (nfs/clnt0)
while 6.4 has
| handle_gssd_upcall(0x7fd007647840): 'mech=krb5 uid=0 service=* enctypes=20,19,26,25,18,17' (nfs/clnt0)
rpc-gssd seems to send only packets for the first enctype (20) which is not supported by the server. Removing the unsupported enctypes from the server keytab restores operation.