NFSv4 + Kerberos + users

Zoltan Menyhart Zoltan.Menyhart at bull.net
Tue Jun 19 11:38:45 EDT 2007


Kevin Coffman wrote:

> I downloaded and un-tarred your code and ran a.out and the call to
> authgss_create_default() fails, but I don't see the memory corruption
> you are getting.  This is the same result I got when I compiled it
> myself.  (I'll note that this is using the gssapi and rpcsecgss
> libraries from /usr/lib rather than the ones installed in
> /usr/local/lib.)  Could you re-link with -Wl,-rpath=/usr/local/lib and
> see if you still have the problem?

Well, I missed that the lib was installed in /usr/local/lib. Now:

# cc -O2 -g test.c src/.libs/librpcsecgss.a -Wl,-rpath=/usr/local/lib -l gssapi
# ldd a.out
        linux-gate.so.1 =>  (0xa000000000000000)
        libgssapi.so.2 => /usr/local/lib/libgssapi.so.2 (0x2000000000050000)
        libc.so.6.1 => /lib/tls/libc.so.6.1 (0x2000000000090000)
        libdl.so.2 => /lib/libdl.so.2 (0x2000000000300000)
        /lib/ld-linux-ia64.so.2 (0x2000000000000000)

Or both libs linked in:

# cc -O2 -g test.c src/.libs/librpcsecgss.a ../libgssapi-0.11/src/.libs/libgssapi.a -l dl
# ldd a.out
        linux-gate.so.1 =>  (0xa000000000000000)
        libdl.so.2 => /lib/libdl.so.2 (0x2000000000070000)
        libc.so.6.1 => /lib/tls/libc.so.6.1 (0x2000000000090000)
        /lib/ld-linux-ia64.so.2 (0x2000000000000000)

... does not change anything; in both of these cases, it is the same as before.
Namely: if there is no valid credential in the cache, I cannot see any corruption:

# kdestroy
# ./a.out
Calling authgss_create_default()
authgss_create_default() failed
# kinit
Password for root at FREC.BULL.FR:
# ./a.out
Calling authgss_create_default()

... many unprintable characters...authgss_create_default() failed

Depending on the data corruption - as stuff can be allocated at different
addresses each time - sometimes I can see the message
"authgss_create_default() failed" after a time-out of 25 secs.

The "telnet -a lucy2_10g" accepts me, i.e. my credential is valid.

I did not want to change the Makefile of the nfs-utils, I just forced:

# export LD_LIBRARY_PATH=/usr/local/lib/
# ldd gssd
        linux-gate.so.1 =>  (0xa000000000000000)
        librpcsecgss.so.1 => /usr/lib/librpcsecgss.so.1 (0x2000000000070000)
        libgssapi.so.2 => /usr/local/lib/libgssapi.so.2 (0x20000000000a0000)
        libdl.so.2 => /lib/libdl.so.2 (0x20000000000c0000)
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x20000000000e0000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x2000000000120000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x2000000000210000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x2000000000260000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x2000000000280000)
        libc.so.6.1 => /lib/tls/libc.so.6.1 (0x20000000002c0000)
        /lib/ld-linux-ia64.so.2 (0x2000000000000000)
# rpc.gssd -m -vvv -rrr -n -f
beginning poll

In another xterm: mount lucy2_10g:/

handling krb5 upcall
getting credentials for client with uid 0 for server lucy2_10g.frec.bull.fr
CC file 'krb5cc_machine_FREC.BULL.FR' being considered
CC file 'krb5cc_machine_FREC.BULL.FR' matches owner check and has mtime of 1181136512
CC file 'krb5cc_0' being considered
CC file 'krb5cc_0' matches owner check and has mtime of 1182266155
CC file 'krb5cc_0' is our current best match with mtime of 1182266155
using FILE:/tmp/krb5cc_0 as credentials cache for client with uid 0 for server lucy2_10g.frec.bull.fr
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_0
creating context using fsuid 0 (save_uid 0)
creating tcp client for server lucy2_10g.frec.bull.fr
creating context with server nfs at lucy2_10g.frec.bull.fr
Segmentation fault

It's the same as before...

A second thought: gssd refers to librpcsecgss.so.1, while librpcsecgss-0.14 creates
librpcsecgss.so.3. Should I update a Makefile, and if so, where?
(However, the test.c (statically linked) will not be affected by this...)

Have you got some tests for the GSS lib?

Thanks,

Zoltan
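
A check for the situation in this message, where `LD_LIBRARY_PATH=/usr/local/lib` moved libgssapi.so.2 but gssd still resolved librpcsecgss.so.1 from /usr/lib. This is an added example, not part of the original message or of nfs-utils; the function name `check_lib_prefix` and its status words are hypothetical, and the sample input is a constructed excerpt of the `ldd gssd` output above.

```shell
#!/bin/sh
# Constructed sample: the lines of the `ldd gssd` output quoted in the
# message that matter for this check.
sample_ldd() {
cat <<'EOF'
        linux-gate.so.1 =>  (0xa000000000000000)
        librpcsecgss.so.1 => /usr/lib/librpcsecgss.so.1 (0x2000000000070000)
        libgssapi.so.2 => /usr/local/lib/libgssapi.so.2 (0x20000000000a0000)
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x20000000000e0000)
        /lib/ld-linux-ia64.so.2 (0x2000000000000000)
EOF
}

# check_lib_prefix PREFIX STEM...
# Reads ldd output on stdin. For each library named exactly STEM.so.<n>
# it prints "soname directory status". Returns 1 when a watched library
# was resolved from a directory other than PREFIX, 0 otherwise.
check_lib_prefix() {
    prefix=$1; shift
    awk -v prefix="$prefix" -v stems="$*" '
        BEGIN { n = split(stems, want, " ") }
        $2 == "=>" && $3 ~ "^/" {
            for (i = 1; i <= n; i++) {
                # Anchor on "STEM.so." so libgssapi does not match libgssapi_krb5.
                if (index($1, want[i] ".so.") == 1) {
                    dir = $3; sub("/[^/]*$", "", dir)
                    ok = (dir == prefix)
                    printf "%s %s %s\n", $1, dir, (ok ? "ok" : "outside-prefix")
                    if (!ok) bad = 1
                    seen[i] = 1
                }
            }
        }
        END {
            # A statically linked library never appears in ldd output.
            for (i = 1; i <= n; i++)
                if (!seen[i]) printf "%s - not-dynamic\n", want[i]
            exit bad + 0
        }'
}

# Run against the sample; against a real binary use: ldd gssd | check_lib_prefix ...
sample_ldd | check_lib_prefix /usr/local/lib librpcsecgss libgssapi \
    || echo "watched libraries come from more than one install prefix"
```

The dynamic loader searches for the exact soname recorded in the binary, so a directory that holds only librpcsecgss.so.3 cannot satisfy a request for librpcsecgss.so.1.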

