Bug 1005231 - wrong ad machine name principal search in rpc.gssd
Status: CLOSED DUPLICATE of bug 1067423
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.4
Hardware: x86_64 Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Assigned To: Steve Dickson
QA Contact: Red Hat Kernel QE team
Reported: 2013-09-06 09:31 EDT by E. de Vries
Modified: 2014-06-09 09:11 EDT

Doc Type: Bug Fix
Last Closed: 2014-04-28 13:16:03 EDT
Type: Bug

Attachments
patch for short hostname (490 bytes, patch)
2013-09-06 09:31 EDT, E. de Vries
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal (595 bytes, patch)
2013-12-06 11:20 EST, David Mansfield

Description E. de Vries 2013-09-06 09:31:05 EDT
Created attachment 794739
patch for short hostname

Description of problem:

rpc.gssd is searching for an AD machine name principal with the fully qualified domain name instead of the short name.

log with rpc.gssd -vvv (domain and realm name changed)

Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for KOVA-01.EXAMPLE.COM$@REALM while getting keytab entry for 'KOVA-01.EXAMPLE.COM$@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for root/kova-01.example.com@REALM while getting keytab entry for 'root/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for nfs/kova-01.example.com@REALM while getting keytab entry for 'nfs/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: Success getting keytab entry for 'host/kova-01.example.com@REALM'

The search for key table entry KOVA-01.EXAMPLE.COM$@REALM should be KOVA-01$@REALM to get a valid AD machine account name.

Version-Release number of selected component (if applicable):

nfs-utils-1.2.3-36

Additional info:

The code for the generation of the AD machine name principal is found in the nfs-utils-1.2.3-krb5-ad-style.patch in the nfs-utils-1.2.3-36.el6.src.rpm. A minor change in the patchfile solves this problem. You will find a patch for the patchfile as an attachment.

The patch works fine in my case and generates the short machine name without domain.

Regards,
Erik de Vries
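
The principal construction the description asks for, as an added example that is not the attached patch or nfs-utils code. The helper names are hypothetical, and the candidate order simply mirrors the four lookups in the log above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not nfs-utils code): write "<SHORTHOST>$@<REALM>"
 * into out. The host part is cut at the first '.' and upper-cased, since
 * an AD machine account name carries no DNS domain. Returns 0, or -1 if
 * the short name is empty or the result does not fit in out. */
int ad_machine_principal(const char *hostname, const char *realm,
                         char *out, size_t outlen)
{
    size_t hlen = strcspn(hostname, ".");   /* length of the short name */
    size_t rlen = strlen(realm);
    size_t i;

    if (hlen == 0 || hlen + rlen + 3 > outlen)  /* '$' + '@' + NUL */
        return -1;
    for (i = 0; i < hlen; i++)
        out[i] = (char)toupper((unsigned char)hostname[i]);
    snprintf(out + hlen, outlen - hlen, "$@%s", realm);
    return 0;
}

/* Build the four keytab candidates in the order the log shows them:
 * machine account first, then root/, nfs/ and host/ with the FQDN. */
int keytab_candidates(const char *fqdn, const char *realm,
                      char cand[4][256])
{
    static const char *svc[] = { "root", "nfs", "host" };
    int i, n;

    if (ad_machine_principal(fqdn, realm, cand[0], 256) != 0)
        return -1;
    for (i = 0; i < 3; i++) {
        n = snprintf(cand[i + 1], 256, "%s/%s@%s", svc[i], fqdn, realm);
        if (n < 0 || n >= 256)      /* reject truncated principals */
            return -1;
    }
    return 4;
}

int main(void)
{
    char cand[4][256];
    /* Constructed input: host and realm names taken from the log above. */
    int i, n = keytab_candidates("kova-01.example.com", "REALM", cand);

    for (i = 0; i < n; i++)
        printf("%s\n", cand[i]);
    return n == 4 ? 0 : 1;
}
```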
Comment 2 RHEL Product and Program Management 2013-10-13 22:20:37 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 David Mansfield 2013-12-06 10:49:17 EST
This bug also exists in the latest nfs-utils (nfs-utils-1.2.8-6.0.fc19.x86_64) for Fedora 19, in which the patched patch nfs-utils-1.2.3-krb5-ad-style-short-host.patch has already been integrated. However, the same basic change looks like it would work. Should a separate bug be opened for Fedora?
Comment 4 David Mansfield 2013-12-06 11:20:05 EST
Created attachment 833678
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal

This attachment is the exact same change as the patch against the RHEL 6 version, but against the current Fedora 19 nfs-utils version (nfs-utils-1.2.8-6.0).

I have tested that it "works" for retrieving the correct key from the local keytab in a standard winbind environment where HOST$@REALM.COM is present, but the value returned by "gethostname" is "host.domain.com".

I'm happy to open a separate bug against Fedora if desired.
Comment 5 Steve Dickson 2013-12-10 16:44:35 EST
(In reply to David Mansfield from comment #4)
> Created attachment 833678
> patch nfs-utils 1.2.8 version to only use the short host name to create AD
> style principal
> 
> This attachment is the exact same change as the patch against the RHEL 6
> version, but against the current Fedora 19 nfs-utils version
> (nfs-utils-1.2.8-6.0).
> 
> I have tested that it "works" for retrieving the correct key from the local
> keytab in a standard winbind environment where HOST$@REALM.COM is present,
> but the value returned by "gethostname" is "host.domain.com".
> 
> I'm happy to open a separate bug against Fedora if desired.
Would you be comfortable sending a patch to the NFS upstream community?

The HOWTO is here:
    https://www.kernel.org/doc/Documentation/SubmittingPatches

And the list address is:
 Linux NFS Mailing list <linux-nfs@vger.kernel.org>

I'll be more than willing to help you through the process...
Comment 6 Steve Dickson 2014-04-28 13:16:03 EDT

*** This bug has been marked as a duplicate of bug 1067423 ***
Comment 7 David Mansfield 2014-06-09 09:11:43 EDT
I got a NEEDINFO tickler but I think bugzilla is confused. AFAICT this issue is probably fixed upstream (see dup).
