James, scanning the changelog entries you posted for changes between the Oracle Linux nfs-utils version that didn't work and the newer one that does, only one item really stands out as likely to be relevant:
- gssd: do not use krb5_cc_initialize (RHEL-85412) Searching for that change in the git history for nfs-utils (https://salsa.debian.org/kernel-team/nfs-utils) turns up this commit: commit 1cd9e3c0d290646e80750249914396566dd6b800 Author: Olga Kornievskaia <[email protected]> Date: Mon Mar 24 08:43:43 2025 -0400 gssd: do not use krb5_cc_initialize When gssd refreshes machine credentials, it uses the krb5_get_init_creds_keytab() and then to save the received credentials in a ticket cache, it proceeds to initialize the credential cache via a krb5_cc_initialize() before storing the received credentials into it. krb5_cc_initialize() is not concurrency safe. two gssd upcalls by uid=0, one for krb5i auth flavor and another for krb5p, would enter into krb5_cc_initialize() and one of them would fail, leading to an upcall failure and NFS operation error. Instead it was proposed that gssd changes its design to do what kinit does and forgo the use of krb5_cc_initialize and instead setup the output cache via krb5_get_init_creds_opt_set_out_cache() prior to calling krb5_get_init_creds_keytab() which would then store credentials automatically. https://mailman.mit.edu/pipermail/krbdev/2025-February/013708.html Signed-off-by: Olga Kornievskaia <[email protected]> Signed-off-by: Steve Dickson <[email protected]> It appears this was added in upstream/2.8.3 and backported by Red Hat to their 2.5.4-37. I wonder if applying that change to the version of nfs-utils in Ubuntu 24.04 would resolve the issue there, too. (Or maybe I'm way off base --- making a lot of assuptions here.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2138954 Title: Mounting with NFS over kerberos (krb5p) does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/2138954/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
