Bug 491740

Description of problem:

I'm running Red Hat Enterprise Linux 5.2 and set up the system to properly use Kerberos for authentication via an Active Directory server. I am using nfs-utils-1.0.9 package. When I export a file system for NFS v3 via Kerberos, I seem to be required to also export it via AUTH_SYS.

A simple example of /etc/exports is as follows:

/mnt gss/krb5(rw)

When I mount it from the client system via:
mount -t nfs -o "sec=krb5" 10.30.252.87:/mnt /mnt

I get back the error:
mount: 10.30.252.87:/mnt_psfs failed, reason given by server: Permission denied

The fix that seems to work is to modify /etc/exports as follows:
/mnt *(rw)
/mnt(gss/krb5(rw)

This then allows me to mount the NFS file system via either AUTH_SYS or Kerberos.

I found some posts on the web that indicate this is a known problem but I can't find a bug report in bugzilla on it. Is this by design or is there plans to fix this? It means that NFSV3 isn't really secure via kerberos because it also has to be exported via AUTH_SYS.

Version-Release number of selected component (if applicable):
nfs-utils-1.0.9
red hat enterprise Linux 5.2.

How reproducible:
100% of the time. 

Steps to Reproduce:
1.Setup the system to talk to an AD server via Kerberos (there are a lot of steps to do this).
2.Create /etc/exports with the following export:
/mnt gss/krb5(rw)
3.Run exportfs -r
4. Try to mount that share from a client system via:
mount -t nfs -o "sec=krb5" <ipaddress>:/mnt /mnt

this will fail.

5. Modify /etc/exports to have the additional line:
/mnt *(rw)
and run exportfs -r and the mount will now work.
  
Actual results:
mount: 10.30.252.87:/mnt_psfs failed, reason given by server: Permission denied


Expected results:
The mount should succeed.

Additional info: I think this may be a known problem but can't find a bug report on it. I also can't find any patches for it. As far as I can tell this is specific to NFSV3. Any help would be appreciated on this as it makes NFSV3 exported shares unsecure. Thanks.