Package: nfs-common Version: 1:1.0.10-6+etch.1 Severity: important The problem can be reproduced in the following conditions
Automounted homes over nfs4 with sec=krb5 Start a session on the nfs client and let the user ticked (used to grant the nfs access) expire After this the user can not access is home (as should be expected) However, it also appens that, for example, any trial to start a new session of some other user will sucessfully mount the respective home but the login process will stay forever trying to read a file (.bash_profile for example). The client syslog presents messages like these Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt Oct 11 07:44:46 directivo kernel: Error: state recovery failed on NFSv4 server 192.168.0.99 with error 13 Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt Oct 11 07:44:46 directivo rpc.gssd[30786]: ERROR: GSS-API: error in gss_acquire_cred(): The referenced credentials have expired - No error Oct 11 07:44:46 directivo rpc.gssd[30786]: WARNING: Failed to create krb5 context for user with uid 726 for server essa.essa.pt Oct 11 07:44:46 directivo kernel: Error: state recovery failed on NFSv4 server 192.168.0.99 with error 13 where 726 is the owner of the expired ticket in the present case Refreshing the expired ticket for this user grants him access to his home again and, additionaly, unlocks access to the other user homes In a single user nfs client machine this is pretty harmless, but in a multiuser one or if it is an X or thin terminal server, as it is the case here, this is a show stopper On client autofs 4.1.4-13 libpam-krb5 2.6-1 On server nfs-kernel-server 1.0.10-6+etch.1 krb5-kdc 1.4.4-7etch4 libkrb53 1.4.4-7etch4 If more details or log contents are needed please let me know Thanks in advance for any help Pedro Rodrigues -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=pt_PT.UTF-8, LC_CTYPE=pt_PT.UTF-8 (charmap=UTF-8) Versions of packages nfs-common depends on: ii adduser 3.102 Add and remove users and groups ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library ii libevent 1.1a-1 An asynchronous event notification ii libgssap 0.10-4 A mechanism-switch gssapi library ii libkrb53 1.4.4-7etch4 MIT Kerberos runtime libraries ii libnfsid 0.18-0 An nfs idmapping library ii librpcse 0.14-2etch1 allows secure rpc communication us ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip ii netbase 4.29 Basic TCP/IP networking system ii portmap 5-26 The RPC portmapper ii ucf 2.0020 Update Configuration File: preserv nfs-common recommends no packages. -- no debconf information -- _____________________________________________________________ Pedro Celestino dos Reis Rodrigues Departamento de Química e Bioquímica Faculdade de Ciências da Universidade de Lisboa Tel: 21750000-28619
