Bug#849608: nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab

Wed, 28 Dec 2016 19:03:37 -0800 

Package: nfs-common
Version: 1:1.3.4-2
Severity: normal
Tags: patch

Hi,

Someone using a keytab other than /etc/krb5.keytab must pass the location with
"-k" to rpc.gssd. Currently, those arguments are not collected from
/etc/defaults/nfs-common. (A similar point is addressed in report #846950.) As
an additional hurdle, rpc.gssd's systemd service will not run unless the
specific location /etc/krb5.keytab exists. The attached patch makes it possible
to specify custom keytab locations with "-k" in /etc/defaults/nfs-common.

A better solution would probably be to patch rpc.gssd so that it uses the
"default_keytab_name" from the [libdefaults] section in /etc/krb5.conf, unless
overridden. To salvage the systemd test, one may have to specify the keytab
location separately from other command-line options in /etc/defaults/nfs-
common. The attached patch does not do any of that.

Thank you for providing this package!

Best regards,
Felix



-- Package-specific info:
-- rpcinfo --
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  55091  status
    100024    1   tcp  35661  status
-- /etc/default/nfs-common --
NEED_STATD=
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=yes
RPCGSSDOPTS="-k /etc/keytabs/host.keytab"
-- /etc/idmapd.conf --
[General]
Verbosity = 5
Pipefs-Directory = /run/rpc_pipefs
Domain = us-core.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --
wallace-server:/acct /acct nfs4 rw,sec=krb5i 0 0
-- /proc/mounts --
wallace-server:/acct /acct nfs4
rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=krb5i,clientaddr=2601:641:1:1c4e:baca:3aff:fe87:5f15,local_lock=none,addr=2601:641:1:1c4e::240a:2308
0 0

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nfs-common depends on:
ii  adduser              3.115
ii  init-system-helpers  1.46
ii  keyutils             1.5.9-9
ii  libc6                2.24-8
ii  libcap2              1:2.25-1
ii  libcomerr2           1.43.3-1
ii  libdevmapper1.02.1   2:1.02.137-1
ii  libevent-2.0-5       2.0.21-stable-2.1
ii  libgssapi-krb5-2     1.15-1
ii  libk5crypto3         1.15-1
ii  libkeyutils1         1.5.9-9
ii  libkrb5-3            1.15-1
ii  libmount1            2.29-1
ii  libnfsidmap2         0.25-5
ii  libtirpc1            0.2.5-1.1
ii  libwrap0             7.6.q-25
ii  lsb-base             9.20161125
ii  rpcbind              0.2.3-0.5
ii  ucf                  3.0036

Versions of packages nfs-common recommends:
ii  python  2.7.11-2

Versions of packages nfs-common suggests:
pn  open-iscsi  <none>
pn  watchdog    <none>

-- Configuration Files:
/etc/default/nfs-common changed [not included]

-- no debconf information

-- debsums errors found:

Attachment: nfs-utils.diff.gz
Description: application/gzip

Reply via email to