Mirror of https://github.com/opnsense/src.git, synced 2026-05-13 17:50:39 -04:00
It turns out that the underlying problem that caused a Kerberized NFS mount with the "gssname" option to fail was that the kernel upcall to the gssd(8) daemon would time out prematurely after 25 seconds. The gss_acquire_cred() GSSAPI library call takes about 27 seconds for the case where a desired_name argument is specified. A similarly long delay occurs when the gss_init_sec_context() call is made and the user principal's TGT has expired. Once the upcall timed out, the kernel code assumed that the gssd(8) daemon had died and closed the socket. Ironically, closing the socket did cause the gssd(8) daemon to terminate via a SIGPIPE signal. This patch increases the timeout to 5 minutes. Since a timeout should only occur when the gssd(8) daemon has died, a long timeout should be ok and seems to fix this problem. I still think that commit

| | | |
|---|---|---|
| krb5 | ||
| gss_accept_sec_context.c | ||
| gss_acquire_cred.c | ||
| gss_add_oid_set_member.c | ||
| gss_canonicalize_name.c | ||
| gss_create_empty_oid_set.c | ||
| gss_delete_sec_context.c | ||
| gss_display_status.c | ||
| gss_export_name.c | ||
| gss_get_mic.c | ||
| gss_impl.c | ||
| gss_import_name.c | ||
| gss_init_sec_context.c | ||
| gss_names.c | ||
| gss_pname_to_uid.c | ||
| gss_release_buffer.c | ||
| gss_release_cred.c | ||
| gss_release_name.c | ||
| gss_release_oid_set.c | ||
| gss_set_cred_option.c | ||
| gss_test_oid_set_member.c | ||
| gss_unwrap.c | ||
| gss_verify_mic.c | ||
| gss_wrap.c | ||
| gss_wrap_size_limit.c | ||
| gssapi.h | ||
| gssapi_impl.h | ||
| gssd.x | ||
| gssd_prot.c | ||
| gsstest.c | ||
| kgss_if.m | ||