Problem with krb5 authentication, server under a NAT

Quentin Godfroy godfroy at clipper.ens.fr
Tue Apr 22 14:03:26 EDT 2008


On Tue, Apr 22, 2008 at 12:56:20PM -0400, J. Bruce Fields wrote:
> On Tue, Apr 22, 2008 at 06:19:09PM +0200, Quentin Godfroy wrote:
> > Hi,
> > 
> > I have a problem with krb5 authentication and nfsv4:
> > 
> > basically the server is behind a NAT over which I do not have much control.
> > To mount exported partitions I use socat on the NAT and redirect some TCP port
> > (actually 2050 because 2049 is firewalled) to the port 2049 on the server. I
> > can successfully mount with auth=sys,port=2050, but I am unable to mount with
> > kerberos authentication. The problem seems to lie within rpc.gssd which does
> > not care for the port setting and tries to contact the server on port 2049.
> > 
> > I suppose the same could happen with nfsv{2,3} (provided the mountd port is
> > redirected as well)
> > 
> > Is this a problem you were aware of?
> > 
> > I suppose fixing it may require a change in the callback between the kernel
> > and rpc.gssd?
> 
> What kernel are you on?  As of 2.6.24 (more specifically:
> 
> 	bf19aacecbeebccb2c3d150a8bd9416b7dba81fe "nfs: add server port
> 	to rpc_pipe info file"
> 
> the kernel does give gssd the information it needs to figure out which
> port the server is on.

Both server and client are 2.6.24.something, and rpc.gssd is from Debian's
nfs-common 1:1.1.2-2

> 
> Looks to me like gssd doesn't use that yet, though.  Olga, did you
> have a patch to make gssd read the "port:" line from the info file?

