Launchpad has imported 2 comments from the remote bug at https://bugzilla.kernel.org/show_bug.cgi?id=93891.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2015-02-26T15:30:41+00:00 bryan.quigley+bugs wrote: The NFS client caches credentials and doesn't expose a way for kdestroy (or any other tool AFAIK to clear them). How to reproduce: Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories) kinit user1 ls ~user1 #Test user1 permissions, this should always succeed (and does) kdestroy #should destroy user1 permissions kinit user2 ls ~user2# this should succeed, but it fails ls ~user1# this should fail, but it still works! This appears to be known upstream: http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006 Bits and pieces of an earlier attempt at a fix: http://www.spinics.net/lists/linux-nfs/msg34236.html nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion) Launchpad bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727 Workarounds: Unmount/Mount NFS share Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727/comments/5 ------------------------------------------------------------------------ On 2015-03-30T16:27:01+00:00 bryan.quigley+bugs wrote: If spinics is down use http://linux- nfs.vger.kernel.narkive.com/JHXBEH6t/patch-0-2-rfc-enable-the-use-of- the-keyring-credential-cache [PATCH 0/2] RFC: enable the use of the KEYRING credential cache Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727/comments/6 ** Changed in: linux Status: Unknown => Confirmed ** Changed in: linux Importance: Unknown => Medium ** Bug watch added: fedorahosted.org/gss-proxy/ #1 https://fedorahosted.org/gss-proxy/ticket/1 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1424727 Title: NFS access not revoked on kdestroy Status in Linux: Confirmed Status in linux package in Ubuntu: Confirmed Bug description: 1) Ubuntu 14.04 2) 3.13 kernel or mainline kernel 3.19. krb5-user [1.12+dfsg-2ubuntu5.1] nfs-common [1:1.2.8-6ubuntu1] 3) What should happen: Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories) kinit user1 ls ~user1 #Test user1 permissions, this should always succeed (and does) kdestroy #should destroy user1 permissions kinit user2 ls ~user2# this should succeed! ls ~user1# this should fail! 4) What happened instead: After kinit user2: ls ~user2# this FAILS ls ~user1# this still WORKS This appears to be known upstream: http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006 Bits and pieces of an earlier attempt at a fix: http://www.spinics.net/lists/linux-nfs/msg34236.html nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion) Workarounds: Unmount/Mount NFS share To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1424727/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
