
Bug 753841

Summary: Upgrade to nfs-utils-1.2.3-7.el6_1.1 causes NFSv4 not to work with Kerberos authentication
Product: Red Hat Enterprise Linux 6
Component: nfs-utils
Version: 6.1
Hardware: x86_64
OS: Unspecified
Status: CLOSED DUPLICATE
Severity: high
Priority: unspecified
Target Milestone: rc
Reporter: Remigiusz Górecki <rgorecki>
Assignee: Steve Dickson <steved>
QA Contact: Red Hat Kernel QE team <kernel-qe>
CC: rwheeler
Doc Type: Bug Fix
Last Closed: 2011-12-13 23:58:52 UTC

Description Remigiusz Górecki 2011-11-14 16:32:01 UTC
I have NFSv4 working with Kerberos authentication on my Red Hat 6.1 NFS server. Everything was working properly with nfs-utils-1.2.3-7.el6.x86_64. When I upgraded it to nfs-utils-1.2.3-7.el6_1.1.x86_64, rpc.svcgssd stopped working correctly. I didn't change anything on the workstations (Fedora 15 and Red Hat 6.1), just this one package.

After a more detailed investigation I found that rpc.svcgssd caused the problem. When I replace this file, /usr/sbin/rpc.svcgssd, with the one from nfs-utils-1.2.3-7.el6.x86_64, everything works fine again.

Now I can give you some details about this problem. When I start my NFSv4 server, everything seems to work correctly. But when a client tries to mount an NFS volume with Kerberos authentication, an error appears (without Kerberos security everything works fine):

[root@client ~]# mount -t nfs4 -o sec=krb5 nfs.wszib.edu.pl:/ /nfs
mount.nfs4: access denied by server while mounting nfs.wszib.edu.pl:/

On the server I have in /var/log/messages:

Nov 10 20:57:41 nfs rpc.svcgssd[1786]: ERROR: GSS-API: error in gss_export_lucid_sec_context(): GSS_S_NO_CONTEXT (No context has been established) - (0x00007f26)
Nov 10 20:57:41 nfs rpc.svcgssd[1786]: ERROR: failed serializing krb5 context for kernel
Nov 10 20:57:41 nfs rpc.svcgssd[1786]: WARNING: handle_nullreq: serialize_context_for_kernel failed

When I run /usr/sbin/rpc.svcgssd in verbose mode I get:

[root@nfs sbin]# /usr/sbin/rpc.svcgssd -f -vvvv
entering poll
leaving poll
handling null request
sname = nfs/client.wszib.edu.pl.PL
DEBUG: serialize_krb5_ctx: lucid version!
ERROR: GSS-API: error in gss_export_lucid_sec_context(): GSS_S_NO_CONTEXT (No context has been established) - (0x00007f80)
ERROR: failed serializing krb5 context for kernel
WARNING: handle_nullreq: serialize_context_for_kernel failed
sending null reply
...

On the client I have:

[root@client ~]# /usr/sbin/rpc.gssd -f -vvvv
beginning poll
...
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt50)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt50)
process_krb5_upcall: service is '<null>'
Full hostname for 'nfs.wszib.edu.pl' is 'nfs.wszib.edu.pl'
Full hostname for 'client.wszib.edu.pl' is 'client.wszib.edu.pl'
No key table entry found for CLIENT.WSZIB.EDU.PL$@WSZIB.EDU.PL while getting keytab entry for 'CLIENT.WSZIB.EDU.PL$@WSZIB.EDU.PL'
No key table entry found for root/client.wszib.edu.pl.PL while getting keytab entry for 'root/client.wszib.edu.pl.PL'
Success getting keytab entry for 'nfs/client.wszib.edu.pl.PL'
Successfully obtained machine credentials for principal 'nfs/clientwszib.edu.pl.PL' stored in ccache 'FILE:/tmp/krb5cc_machine_WSZIB.EDU.PL'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_WSZIB.EDU.PL' are good until 1320994315
using FILE:/tmp/krb5cc_machine_WSZIB.EDU.PL as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_WSZIB.EDU.PL
creating context using fsuid 0 (save_uid 0)
creating tcp client for server nfs.wszib.edu.pl
DEBUG: port already set to 2049
creating context with server nfs.edu.pl
WARNING: Failed to create krb5 context for user with uid 0 for server nfs3.dydaktyka.wszib.edu.pl
WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_WSZIB.EDU.PL for server nfs.wszib.edu.pl
WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server nfs.wszib.edu.pl

When I replaced /usr/sbin/rpc.svcgssd with the previous one from nfs-utils-1.2.3-7.el6.x86_64 and restarted the rpcsvcgssd service, everything was working fine again.

I don't have any idea what is wrong with /usr/sbin/rpc.svcgssd or how to resolve this problem. The only solution for me is to go back to the previous version of nfs-utils.
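
An added example, not part of the original report or of nfs-utils: a Python triage helper that scans syslog text for the server-side failure signature quoted in the description (a `gss_export_lucid_sec_context()` error followed by the "failed serializing krb5 context" line from the same rpc.svcgssd process). The function name and the grouping by timestamp, host and PID are assumptions; the sample input is constructed from the log lines in the report plus one unrelated line.

```python
import re
from collections import defaultdict

# Constructed sample: the three /var/log/messages lines from the report,
# plus one unrelated line that must be ignored.
SAMPLE = """\
Nov 10 20:57:41 nfs rpc.svcgssd[1786]: ERROR: GSS-API: error in gss_export_lucid_sec_context(): GSS_S_NO_CONTEXT (No context has been established) - (0x00007f26)
Nov 10 20:57:41 nfs rpc.svcgssd[1786]: ERROR: failed serializing krb5 context for kernel
Nov 10 20:57:41 nfs rpc.svcgssd[1786]: WARNING: handle_nullreq: serialize_context_for_kernel failed
Nov 10 20:58:02 nfs sshd[2001]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
"""

# Classic syslog prefix, restricted to the rpc.svcgssd daemon.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"rpc\.svcgssd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# GSS-API error line: failing call, major status name, trailing hex code.
GSS = re.compile(
    r"error in (?P<call>\w+)\(\): (?P<major>GSS_S_\w+) .*"
    r"\((?P<minor>0x[0-9a-fA-F]+)\)$"
)

def find_export_failures(text):
    """Return one record per (timestamp, host, pid) group in which the lucid
    context export failed AND the kernel serialization error followed."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an rpc.svcgssd syslog line
        key = (m["ts"], m["host"], m["pid"])
        gss = GSS.search(m["msg"])
        if gss:
            events[key].update(gss.groupdict())
        elif "failed serializing krb5 context for kernel" in m["msg"]:
            events[key]["serialize_failed"] = True
        elif "serialize_context_for_kernel failed" in m["msg"]:
            events[key]["nullreq_failed"] = True
    return [
        dict(ts=ts, host=host, pid=int(pid), **fields)
        for (ts, host, pid), fields in events.items()
        if fields.get("call") == "gss_export_lucid_sec_context"
        and fields.get("serialize_failed")
    ]

if __name__ == "__main__":
    for event in find_export_failures(SAMPLE):
        print(event)
```

The parser expects the syslog prefix, so it does not match the unprefixed output of `rpc.svcgssd -f -vvvv` shown in the report.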

Comment 3 Steve Dickson 2011-12-13 23:58:52 UTC

*** This bug has been marked as a duplicate of bug 751353 ***