Package: gssproxy
Version: 0.8.0-1.1
Severity: important
Hi,
On a system with kerberos (AD with sssd) and NFS mount,
some applications (long bioinfo applications with data on
the NFS partition) generate lots of logs that fill the
root (or /var/log/) partition.
To have an idea, in less than 24h, more that 5GB of
logs have been generated. There are all similar to:
Apr 30 14:31:24 ge95142-vm1 gssproxy[6880]: gssproxy[6888]: (OID: { 1 2 840
113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more
information, No credentials cache found
[and 300 similar lines for the same *second*]
And I find them tree times: they are logged into
/var/log/syslog, /var/log/daemon.log and /var/log/auth.log.
You should really provide a way to either limit the
rate of the logs and/or provide an way to avoid logs
(I do not find any).
Regards,
Vincent
-- System Information:
Debian Release: 10.3
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.3.0-0.bpo.2-amd64 (SMP w/30 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gssproxy depends on:
ii libc6 2.28-10
ii libgssapi-krb5-2 1.17-3
ii libgssrpc4 1.17-3
ii libini-config5 0.6.1-2
ii libk5crypto3 1.17-3
ii libkrb5-3 1.17-3
ii libpopt0 1.16-12
ii libref-array1 0.6.1-2
ii libselinux1 2.8-1+b1
ii libverto1 0.3.0-2
gssproxy recommends no packages.
gssproxy suggests no packages.
-- Configuration Files:
/etc/gssproxy/99-nfs-client.conf changed:
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/tmp/krb5cc_%U
cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
cred_usage = initiate
allow_any_uid = yes
trusted = yes
euid = 0
-- no debconf information
