Multi-user sec=krb5 NFSv4 client blocks when one user has an expired ticket
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
nfs-utils (Debian) |
Fix Released
|
Unknown
|
Bug Description
I have an Ubuntu 08.04.3 NFSv4 server and a number of NFSv4 clients,
also running Ubuntu 08.04.3.
The clients use autofs to mount user home directories from the server.
I use Kerberos to authenticate the users logging into the clients (using
pam_krb5), and require Kerberos authentication of NFS traffic via the
sec=krb5 export and mount options.
Things seem to work normally on a workstation used by only one user -
people can log in, get, valid kerberos tickets from the KDC and their
home directory mounts automatically.
However, a problem arises on multi-user systems: if one user (say "user
A") has successfully logged in and left themselves logged in such that
their Kerberos TGT has expired, then a second user ("user B") attempts
to log into the same system then the attempt to access the home
directory of "user B" blocks indefinately. If "user A" subsequently
obtains a new Kerberos TGT then the login attempt belonging to "user B"
unblocks and runs to a successful completion.
While "B" is blocked, the kernel logs the following error message over
and over again, at a very high rate (3000-6000 times a second):
Aug 5 11:37:14 ulf kernel: [3099781.024499] Error: state recovery failed on NFSv4 server 163.1.248.155 with error 13
Aug 5 11:37:14 ulf kernel: [3099781.025007] Error: state recovery failed on NFSv4 server 163.1.248.155 with error 13
Aug 5 11:37:14 ulf kernel: [3099781.025483] Error: state recovery failed on NFSv4 server 163.1.248.155 with error 13
The symptoms that I am observing sound exactly like
http://
To be clear: I expect user A's access to NFS mounted filesystems to fail
when their Kerberos tickets have expired, but I don't expect user B's
access to the same filesystems to depend on user A.
ProblemType: Bug
Architecture: amd64
Date: Wed Aug 5 17:09:42 2009
Dependencies:
DistroRelease: Ubuntu 8.04
Package: linux None [modified: /var/lib/
PackageArchitec
ProcEnviron:
PATH=/
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: linux-meta
Uname: Linux 2.6.24-24-generic x86_64
Changed in nfs-utils (Debian): | |
status: | Unknown → New |
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in nfs-utils (Debian): | |
status: | New → Fix Released |
[This is an automated message. Apologies if it has reached you inappropriately.]
This bug was reported against the linux-meta package when it likely should have been reported against the linux package instead. We are automatically transitioning this to the linux kernel package so that the appropriate teams are notified and made aware of this issue.
If this bug really is a bug in the linux-meta package you can move it back to linux-meta and set the Status to Confirmed, or contact us on the #ubuntu-kernel channel on the FreeNode IRC server. Thanks.