lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 Nov 2011 19:14:35 +0100
From:	John Hughes <john@...vaedi.com>
To:	Trond Myklebust <trond.myklebust@...app.com>
CC:	linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] Don't hang user processes if Kerberos ticket for nfs4 mount
 expires

With recent kernels if the Kerberos ticket for a nfs4 mount expires any 
user process trying to access the mount hangs until a new ticket is 
obtained.  Simultaneously a (luckily rate-limited, but still seemingly 
endless) stream of "Error: state manager encountered RPCSEC_GSS session 
expired against NFSv4 server" messages is written to the kernel log.

In a common setup with user home directories nfs4 mounted on 
workstations one of the processes that is likely to hang is the 
screen-unlock function which would normally (via pam_krb5 or similar) 
get the new ticket.

In older kernels the EKEYEXPIRED error would be passed to userland, 
which would usualy just give up.

This patch restores the old behavior, which makes nfs4 mounted home 
directories usable for me.




View attachment "nfs4-ekeyexpired.patch" of type "text/x-patch" (1278 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ