Bug#849608: marked as done (nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 13 Jun 2023 03:20:39 +0200
with message-id <1f101ddb03ad3bf3ab52404f2e8a773a255f625b.camel@decadent.org.uk>
and subject line Re: nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab
has caused the Debian Bug report #849608,
regarding nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
849608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849608
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab
• From: Felix Lechner <felix.lechner@gmail.com>
• Date: Wed, 28 Dec 2016 18:59:24 -0800
• Message-id: <148298036449.10426.13673607871102608898.reportbug@lechner-desktop.us-core.com>

Package: nfs-common
Version: 1:1.3.4-2
Severity: normal
Tags: patch

Hi,

Someone using a keytab other than /etc/krb5.keytab must pass the location with
"-k" to rpc.gssd. Currently, those arguments are not collected from
/etc/defaults/nfs-common. (A similar point is addressed in report #846950.) As
an additional hurdle, rpc.gssd's systemd service will not run unless the
specific location /etc/krb5.keytab exists. The attached patch makes it possible
to specify custom keytab locations with "-k" in /etc/defaults/nfs-common.

A better solution would probably be to patch rpc.gssd so that it uses the
"default_keytab_name" from the [libdefaults] section in /etc/krb5.conf, unless
overridden. To salvage the systemd test, one may have to specify the keytab
location separately from other command-line options in /etc/defaults/nfs-
common. The attached patch does not do any of that.

Thank you for providing this package!

Best regards,
Felix



-- Package-specific info:
-- rpcinfo --
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  55091  status
    100024    1   tcp  35661  status
-- /etc/default/nfs-common --
NEED_STATD=
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=yes
RPCGSSDOPTS="-k /etc/keytabs/host.keytab"
-- /etc/idmapd.conf --
[General]
Verbosity = 5
Pipefs-Directory = /run/rpc_pipefs
Domain = us-core.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --
wallace-server:/acct /acct nfs4 rw,sec=krb5i 0 0
-- /proc/mounts --
wallace-server:/acct /acct nfs4
rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=krb5i,clientaddr=2601:641:1:1c4e:baca:3aff:fe87:5f15,local_lock=none,addr=2601:641:1:1c4e::240a:2308
0 0

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nfs-common depends on:
ii  adduser              3.115
ii  init-system-helpers  1.46
ii  keyutils             1.5.9-9
ii  libc6                2.24-8
ii  libcap2              1:2.25-1
ii  libcomerr2           1.43.3-1
ii  libdevmapper1.02.1   2:1.02.137-1
ii  libevent-2.0-5       2.0.21-stable-2.1
ii  libgssapi-krb5-2     1.15-1
ii  libk5crypto3         1.15-1
ii  libkeyutils1         1.5.9-9
ii  libkrb5-3            1.15-1
ii  libmount1            2.29-1
ii  libnfsidmap2         0.25-5
ii  libtirpc1            0.2.5-1.1
ii  libwrap0             7.6.q-25
ii  lsb-base             9.20161125
ii  rpcbind              0.2.3-0.5
ii  ucf                  3.0036

Versions of packages nfs-common recommends:
ii  python  2.7.11-2

Versions of packages nfs-common suggests:
pn  open-iscsi  <none>
pn  watchdog    <none>

-- Configuration Files:
/etc/default/nfs-common changed [not included]

-- no debconf information

-- debsums errors found:

Attachment: nfs-utils.diff.gz
Description: application/gzip

--- End Message ---

--- Begin Message ---

• To: 849608-done@bugs.debian.org
• Subject: Re: nfs-common: For rpc.gssd, keytab location is hardcoded to /etc/krb5.keytab
• From: Ben Hutchings <ben@decadent.org.uk>
• Date: Tue, 13 Jun 2023 03:20:39 +0200
• Message-id: <1f101ddb03ad3bf3ab52404f2e8a773a255f625b.camel@decadent.org.uk>
• In-reply-to: <148298036449.10426.13673607871102608898.reportbug@lechner-desktop.us-core.com>
• References: <148298036449.10426.13673607871102608898.reportbug@lechner-desktop.us-core.com>

Version: 1:2.5.4-1~exp1

Since upstream version 1.3.5, this has been configurable through
/etc/nfs.conf.

Ben.

-- 
Ben Hutchings
Who are all these weirdos? - David Bowie, on joining IRC

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---