Package: nfs-common
Version: 1:1.1.4-1
Severity: important

When attempting to mount an NFS filesystem using Kerberos 5 security, I get
an error:

wraith:/tmp# mount -osec=krb5p ghast.csi.cam.ac.uk:/export/home/bjh21 /mnt
mount.nfs: access denied by server while mounting 
ghast.csi.cam.ac.uk:/export/home/bjh21

The same happens with sec=krb5 and sec=krb5i as well.  The server should be
offering all of these modes.  If I downgrade nfs-common to 1:1.1.2-6lenny1,
the mount succeeds:

wraith:/tmp# dpkg -i nfs-common_1.1.2-6lenny1_i386.deb 
dpkg - warning: downgrading nfs-common from 1:1.1.4-1 to 1:1.1.2-6lenny1.
(Reading database ... 159924 files and directories currently installed.)
Preparing to replace nfs-common 1:1.1.4-1 (using 
nfs-common_1.1.2-6lenny1_i386.deb) ...
Unpacking replacement nfs-common ...
Setting up nfs-common (1:1.1.2-6lenny1) ...
Stopping NFS common utilities: gssd idmapd statd.
Starting NFS common utilities: statd idmapd gssd.
Processing triggers for man-db ...
wraith:/tmp# mount -osec=krb5p ghast.csi.cam.ac.uk:/export/home/bjh21 /mnt
wraith:/tmp# 

The server is running Solaris 10 and the filesystem in question is on ZFS:

ghast:~$ uname -a
SunOS ghast 5.10 Generic_138889-03 i86pc i386 i86pc
ghast:~$ /usr/sbin/zfs get sharenfs data/home/bjh21
NAME             PROPERTY  VALUE                                     SOURCE
data/home/bjh21  sharenfs  sec=krb5p:krb5i:krb5,rw,sec=sys,rw=uxsup  inherited 
from data/home

This bug is similar to #511802, but the error message is different.

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.9 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages nfs-common depends on:
ii  adduser               3.110              add and remove users and groups
ii  initscripts           2.86.ds1-61        Scripts for initializing and shutt
ii  libc6                 2.7-18             GNU C Library: Shared libraries
ii  libcomerr2            1.41.3-1           common error description library
ii  libevent1             1.3e-3             An asynchronous event notification
ii  libgssglue1           0.1-2              mechanism-switch gssapi library
ii  libkrb53              1.6.dfsg.4~beta1-6 MIT Kerberos runtime libraries
ii  libnfsidmap2          0.21-2             An nfs idmapping library
ii  librpcsecgss3         0.18-1             allows secure rpc communication us
ii  libwrap0              7.6.q-16           Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-20             Linux Standard Base 3.2 init scrip
ii  netbase               4.34               Basic TCP/IP networking system
ii  portmap               6.0-9              RPC port mapper
ii  ucf                   3.0016             Update Configuration File: preserv

nfs-common recommends no packages.

nfs-common suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to