Chuck Lever asked that I start looking at getting GSSAPI mounts working over IPv6. Opening this bug to track progress on that front... We don't yet have a fully working IPv6 server on Linux so I've gone ahead and set up an opensolaris server for interop testing. I have it krb5 mounts working with IPv4. I can confirm that IPv6 does not yet work. When I attempt a mount, I get these errors in the logs: Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name Feb 3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info So it looks like the first step is to get reverse resolution of IPv6 address to server name working.
Created attachment 330770 [details] patch 1 -- make gssd reverse name resolution work with IPv6 First patch. Make reverse name resolution work with IPv6. This seems to get it past the "can't resolve hostname" errors.
That patch gets it over the initial hump. Now I see a segfault in what looks like nfs-utils-lib functions. I'll poke at those some tomorrow... Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () (gdb) bt #0 0x0000000000000000 in ?? () #1 0x000000000033bbbf in clnttcp_call (h=0x7ffff826e400, proc=0, xdr_args=0x3367a0 <xdr_rpc_gss_init_args>, args_ptr=0x7fffffffdd30 "\006\002", xdr_results=0x336630 <xdr_rpc_gss_init_res>, results_ptr=0x7fffffffdce0 "", timeout={tv_sec = 25, tv_usec = 0}) at clnt_tcp.c:337 #2 0x0000000000335bda in authgss_refresh (auth=0x7ffff826afa0) at auth_gss.c:513 #3 0x0000000000335ff1 in authgss_create (clnt=0x7ffff826e400, name=0x7ffff8204c20, sec=0x7fffffffe2e0) at auth_gss.c:217 #4 0x0000000000336140 in authgss_create_default (clnt=0x7ffff826e400, service=0x7ffff8206e90 "nfs.net", sec=0x7fffffffe2e0) at auth_gss.c:250 #5 0x00007ffff7ff9818 in create_auth_rpc_client (clp=0x7ffff8204a30, clnt_return=0x7fffffffe3a0, auth_return=0x7fffffffe398, uid=0, authtype=0) at gssd_proc.c:677 #6 0x00007ffff7ffa9ca in handle_krb5_upcall (clp=0x7ffff8204a30) at gssd_proc.c:769 #7 0x00007ffff7ff90fc in scan_poll_results (ret=<value optimized out>) at gssd_main_loop.c:76 #8 gssd_run () at gssd_main_loop.c:146 #9 0x00007ffff7ff8e23 in main (argc=<value optimized out>, argv=0x7fffffffe638) at gssd.c:189
Ok, after a lot of back and forth we determined that the problem in comment #2 was due to a mixing of legacy (glibc) rpc and libtirpc headers and libraries. In more recent tags in Chuck's nfs-utils git tree he's done a better job of making sure that we have a clean switch between libtirpc and legacy rpc. I now have a first draft of a patchset to convert gssd to libtirpc and to handle IPv6 correctly. It's based on the latest tag in Chuck's tree. With it, I'm able to successfully mount an OpenSolaris server using NFSv4 + IPv6 + krb5. It also eliminates what I think is an unnecessary DNS lookup on each upcall (working on getting confirmation on this). I've posted the patchset to upstream linux-nfs.org and nfsv4 lists for comment. Subject: [PATCH 0/6] nfs-utils: convert gssd to TI-RPC and add IPv6 support (RFC)
Patches have been committed to nfs-utils upstream. They'll be in rawhide soon if they aren't already.