Hi Vincent,
Please see `man gssproxy.conf` for logging options. You probably want to set
debug_level to 0 to disable logging.
Thanks,
--Robbie
On April 30, 2020 11:03:29 AM EDT, Vincent Danjean <vdanj...@debian.org> wrote:
>Package: gssproxy
>Version: 0.8.0-1.1
>Severity: important
>
> Hi,
>
> On a system with kerberos (AD with sssd) and NFS mount,
>some applications (long bioinfo applications with data on
>the NFS partition) generate lots of logs that fill the
>root (or /var/log/) partition.
> To have an idea, in less than 24h, more that 5GB of
>logs have been generated. There are all similar to:
>
>Apr 30 14:31:24 ge95142-vm1 gssproxy[6880]: gssproxy[6888]: (OID: { 1 2
>840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide
>more information, No credentials cache found
>[and 300 similar lines for the same *second*]
>
>And I find them tree times: they are logged into
>/var/log/syslog, /var/log/daemon.log and /var/log/auth.log.
>
>
> You should really provide a way to either limit the
>rate of the logs and/or provide an way to avoid logs
>(I do not find any).
>
> Regards,
> Vincent
>
>
>-- System Information:
>Debian Release: 10.3
> APT prefers stable
>APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
>'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
>Architecture: amd64 (x86_64)
>
>Kernel: Linux 5.3.0-0.bpo.2-amd64 (SMP w/30 CPU cores)
>Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
>TAINT_UNSIGNED_MODULE
>Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8),
>LANGUAGE=C.UTF-8 (charmap=UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: systemd (via /run/systemd/system)
>
>Versions of packages gssproxy depends on:
>ii libc6 2.28-10
>ii libgssapi-krb5-2 1.17-3
>ii libgssrpc4 1.17-3
>ii libini-config5 0.6.1-2
>ii libk5crypto3 1.17-3
>ii libkrb5-3 1.17-3
>ii libpopt0 1.16-12
>ii libref-array1 0.6.1-2
>ii libselinux1 2.8-1+b1
>ii libverto1 0.3.0-2
>
>gssproxy recommends no packages.
>
>gssproxy suggests no packages.
>
>-- Configuration Files:
>/etc/gssproxy/99-nfs-client.conf changed:
>[service/nfs-client]
> mechs = krb5
> cred_store = keytab:/etc/krb5.keytab
> cred_store = ccache:FILE:/tmp/krb5cc_%U
> cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
> cred_usage = initiate
> allow_any_uid = yes
> trusted = yes
> euid = 0
>
>
>-- no debconf information
