Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13754

GSS-based authentication fails on CentOS/RHEL 7.8

    XMLWordPrintable

Details

    • 3
    • 9223372036854775807

    Description

      With CentOS/RHEL 7.8, it seems impossible for clients to authenticate with servers when a Kerberos or SSK flavor is enforced.

      The client console shows:

      [ 1152.954776] Lustre: DEBUG MARKER: /usr/sbin/lctl mark -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020
[ 1153.535844] Lustre: DEBUG MARKER: -----============= acceptance-small: sanity ============----- Fri Jun 26 18:16:14 UTC 2020
[ 1154.279614] Lustre: DEBUG MARKER: /usr/sbin/lctl mark == sanity test complete, duration -o sec ============================================================= 18:16:15 \(1593195375\)
[ 1154.866121] Lustre: DEBUG MARKER: == sanity test complete, duration -o sec ============================================================= 18:16:15 (1593195375)
[ 1156.755955] Lustre: DEBUG MARKER: /usr/sbin/lctl get_param -n version 2>/dev/null
[ 1157.639632] Lustre: DEBUG MARKER: /usr/sbin/lctl mark excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f
[ 1158.222239] Lustre: DEBUG MARKER: excepting tests: 42a 42b 42c 407 312 56ob 17n 60a 133g 300f
[ 1158.853766] Lustre: DEBUG MARKER: /usr/sbin/lctl mark skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o
[ 1159.435119] Lustre: DEBUG MARKER: skipping tests SLOW=no: 27m 64b 68 71 115 135 136 300o
[ 1163.400808] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) @@@ Request sent has timed out for slow reply: [sent 1593195377/real 1593195377]  req@ffff912863195680 x1670585430065920/t0(0) o801->lustre-MDT0000-mdc-ffff91287754e000@10.2.5.166@tcp:12/10 lens 224/224 e 0 to 1 dl 1593195385 ref 2 fl Rpc:XQr/0/ffffffff rc 0/-1 job:'lgss_keyring.0'
[ 1163.405873] Lustre: 24745:0:(client.c:2261:ptlrpc_expire_one_request()) Skipped 31 previous similar messages
[ 1163.407582] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) negotiation: rpc err -85, gss err 0
[ 1163.409156] LustreError: 24745:0:(gss_keyring.c:1435:gss_kt_update()) Skipped 31 previous similar messages
[ 1163.411036] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) ctx ffff912863eedd00(0->lustre-MDT0000_UUID) get expired: 1593195417(+32s)
[ 1163.413059] Lustre: 24745:0:(sec_gss.c:315:cli_ctx_expire()) Skipped 30 previous similar messages

      So all authentication requests fail on timeout.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-13739 mount fails with SSK keys

          • Major - Major loss of function.
          • Closed

          Activity

            People

              sebastien Sebastien Buisson
              sebastien Sebastien Buisson
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: