https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268823
Bug ID: 268823
Summary: Kerberized NFS mount with "gssname" option does not
work
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 239339
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239339&action=edit
replace desired_name with GSS_C_NO_NAME so gss_acquire_cred() works
If you attempt a Kerberized NFS mount with the gssname option such as:
# mount -t nfs -o nfsv4,sec=krb5,gssname=host nfs-server:/ /mnt
the gssd daemon gets stuck in the gss_acquire_cred() library call
for several seconds. It then returns success, but the credentials
are bogus.
A workaround is:
# kinit -k host/nfs-client.domain
# mount -t nfs -o nfsv4,sec=krb5 nfs-server:/ /mnt
The one line patch in the atttachment seems to fix the problem.
I have no idea how long this bug has existed, but I suspect it
has been broken for quite a while, due to some change in the Heimdal
GSSAPI library.
--
You are receiving this mail because:
You are the assignee for the bug.
