Linux

Bug #1424727
Comment #5

Comment 5 for bug 1424727

Revision history for this message

In Linux Kernel Bug Tracker #93891, bryan.quigley+bugs (bryan.quigley+bugs-linux-kernel-bugs) wrote on 2015-02-26:

The NFS client caches credentials and doesn't expose a way for kdestroy (or any other tool AFAIK to clear them).

How to reproduce:
Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)

kdestroy #should destroy user1 permissions

kinit user2
ls ~user2# this should succeed, but it fails
ls ~user1# this should fail, but it still works!

This appears to be known upstream:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006

Bits and pieces of an earlier attempt at a fix:
http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif

Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion)
Launchpad bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727

Workarounds:
Unmount/Mount NFS share