Ubuntu
nfs-utils package

  1. Bug #794112
  2. Comment #18

Comment 18 for bug 794112

Revision history for this message
Steve Atwell (satwell) wrote : Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client

This same problem applies to kerberized NFSv3 as well as NFSv4. In both cases, the kernel will keep retrying if rpc.gssd only finds expired credentials. I've been investigating this problem because after a Lucid to Precise upgrade, users with kerberized NFS homedirs are unable to unlock their screens.

Back in Jan 2010, rpc.gssd got support for returning EKEYEXPIRED:
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=289ad31e

And around the same time, the kernel was changed to retry on EKEYEXPIRED:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=2c643488 (NFSv4)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b68d69b8 (NFSv3)

So it looks like this is intended behavior, but it leaves users with kerberized NFS home directories in a really bad situation. There have been some proposed patches both here and in the linked Debian bug against nfs-utils, but so far it doesn't look like any have been accepted upstream.