[LU-16249] Kerberos works with krb5i but not with krb5p Created: 18/Oct/22 Updated: 05/Dec/22 Resolved: 02/Nov/22 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.16.0, Lustre 2.15.1 |
| Fix Version/s: | Lustre 2.16.0, Lustre 2.15.2 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Sebastien Buisson | Assignee: | Sebastien Buisson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | kerberos, sec | ||
| Issue Links: |
|
||||
| Severity: | 3 | ||||
| Rank (Obsolete): | 9223372036854775807 | ||||
| Description |
|
A system has been configured with Kerberos and is able to mount and access the filesystem from authenticated clients with the kerberos flavor set to krb5i. If the flavor type is changed to krb5p then we get messages like: lustre-test00-messages:Oct 11 08:58:34 lustre-test00 kernel: LustreError: 5215:0:(gss_krb5_mech.c:1518:gss_unwrap_bulk_kerberos()) checksum mismatch lustre-test00-messages:Oct 11 08:58:34 lustre-test00 kernel: LustreError: 5215:0:(gss_bulk.c:287:gss_cli_ctx_unwrap_bulk()) failed to decrypt bulk read: 60000 |
| Comments |
| Comment by Gerrit Updater [ 18/Oct/22 ] |
|
"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/48907 |
| Comment by Gerrit Updater [ 18/Oct/22 ] |
|
"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/48908 |
| Comment by Gerrit Updater [ 02/Nov/22 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/48907/ |
| Comment by Peter Jones [ 02/Nov/22 ] |
|
Landed for 2.16 |
| Comment by Gerrit Updater [ 08/Nov/22 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/48908/ |