SUSE Support

Here When You Need Us

mount attempts with sec=krb5 result in ‘access denied’

This document (7008928) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 1

Situation

Mounting via NFSv4 using Kerberos (sec=krb5) for host authentication fails with the message:

"mount.nfs: access denied by server while mounting"

Mounting without sec=krb5 is successful.
Restarting rpc.gssd in debug mode in the foreground: "rpc.gssd -vvvf" prints i.a. the following messages:

DEBUG: port already set to 2049
creating context with server info@host.domain.com
WARNING: Failed to create krb5 context for user with uid 0 for server host.domain.com
WARNING: Failed to create machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_DOMAIN.COM for server host.domain.com
WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server host.domain.com

The Transport Independent RPC library, libtirpc currently limits RPCSEC_GSS args to MAX_NETOBJ_SZ (1024) bytes.
This can cause problems when using large krb5 tickets. libtirpc was changed to allow larger ticket sizes with RPCSEC_GSS.

Resolution

The libtirpc update libtirpc1-0.2.1-1.5.1 released July 2011 includes the patch to resolve the problem. Please update the package to resolve the issue.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7008928
  • Creation Date: 30-Jun-2011
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.