I did one more test on Trusty today, running 3.13.0-57-generic kernel. Installing keyutils (no other hacks needed), makes the keys turn permanent (which serves as a workaround but leads to problems because of the cache getting full).
Without keyutils, the keys do NOT get renewed as they should.
So, this is the current state:
Precise running 3.2 kernel: not affected
Precise running 3.13 lts kernel: keys do not get renewed, no way to make them permanent without ugly hacks.
Trusty running 3.13 kernel: keys do not get renewed, they can be made permanent by running keyutils.
In the Precise + lts kernel case, it's possible to hack around the userland tools to make the keys become permanent (keyutils + libkeyutils1 + libnfsidmap2 from trusty + /usr/sbin/nfsidmap + /etc/request-key.d/id_resolver.conf from nfs-common in trusty). I was not able to find a way to make the keys renew automatically which would be the right behavior.
I did one more test on Trusty today, running 3.13.0-57-generic kernel. Installing keyutils (no other hacks needed), makes the keys turn permanent (which serves as a workaround but leads to problems because of the cache getting full).
Without keyutils, the keys do NOT get renewed as they should.
So, this is the current state:
Precise running 3.2 kernel: not affected
Precise running 3.13 lts kernel: keys do not get renewed, no way to make them permanent without ugly hacks.
Trusty running 3.13 kernel: keys do not get renewed, they can be made permanent by running keyutils.
In the Precise + lts kernel case, it's possible to hack around the userland tools to make the keys become permanent (keyutils + libkeyutils1 + libnfsidmap2 from trusty + /usr/sbin/nfsidmap + /etc/request- key.d/id_ resolver. conf from nfs-common in trusty). I was not able to find a way to make the keys renew automatically which would be the right behavior.