Hide Forgot
Description of problem: Using the -o krbp mount which ensure encrypting every RPC request fails against an Microsoft 8 NFS server.The reason being the client does not rotate the encryption properly. The broken code is: /* * We cannot currently handle tokens with rotated data. We need a * generalized routine to rotate the data in place. It is anticipated * that we won't encounter rotated data in the general case. */ static u32 rotate_left(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf, u16 rrc) { unsigned int realrrc = rrc % (buf->len - offset - GSS_KRB5_TOK_HDR_LEN); if (realrrc == 0) return 0; dprintk("%s: cannot process token with rotated data: " "rrc %u, realrrc %u\n", __func__, rrc, realrrc); return 1; } The debug message can be seen by enable debug with rpcdebug -m rpc -s auth Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.mount -o sec=krb5p,v3 microsoft:/export /mnt 2. 3. Actual results: mount.nfs: mount system call failed
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Patch(es) available on kernel-2.6.32-288.el6
This bug is verified on 2.6.32-355.el6.x86_64. [root@hp-xw4600-01 ~]# uname -a Linux hp-xw4600-01.rhts.eng.nay.redhat.com 2.6.32-355.el6.x86_64 #1 SMP Tue Jan 15 17:45:38 EST 2013 x86_64 x86_64 x86_64 GNU/Linux [root@hp-xw4600-01 ~]# mount ibm-x3250m4-03.rhts.eng.nay.redhat.com:/nfs /mnt/test -o vers=3,sec=krb5 -vv mount: no type was given - I'll assume nfs because of the colon final mount options: 'vers=3,sec=krb5' mount.nfs: timeout set for Fri Jan 25 03:37:14 2013 mount.nfs: trying text-based options 'vers=3,sec=krb5,addr=10.66.86.144' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 10.66.86.144 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 10.66.86.144 prog 100005 vers 3 prot UDP port 2049 ibm-x3250m4-03.rhts.eng.nay.redhat.com:/nfs on /mnt/test type nfs (rw,vers=3,sec=krb5) [root@hp-xw4600-01 ~]# grep "/mnt/test" /proc/mounts ibm-x3250m4-03.rhts.eng.nay.redhat.com:/nfs /mnt/test nfs rw,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5,mountaddr=10.66.86.144,mountvers=3,mountport=2049,mountproto=udp,local_lock=none,addr=10.66.86.144 0 0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0496.html