From nobody Wed Apr 05 01:08:28 2023
X-Original-To: fs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Prmj86tPmz43Wqh
	for <fs@mlmmj.nyi.freebsd.org>; Wed,  5 Apr 2023 01:08:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Prmj84bnQz3RCl
	for <fs@FreeBSD.org>; Wed,  5 Apr 2023 01:08:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1680656908;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=85xHaxl4LoVvJD8HpEZh31NRW4Djnn8gm2vkHyegfLY=;
	b=BFCdamsAtuf7potgpiW/dGSmrU2+aPAtov4WDIOOf37EA2ZHr52mBZ58mtWHmBvNLwin1N
	G9pUYhaTugbXa7BrWJc8aPaMLnq3iGWo2zqG8wthRe+atyvr/hG0rqxTueDKwNDpni80Nu
	qT53T5Du3tlT6njwkWDHEcwK3O/y5+WQX1tn8ic0XFFGONEs68O+lBtC1Mua0Zp0i+Dp18
	blT/djj36m8EORc7lOQA6l5YrngeX0MXApr8TYH16FPViMNcA43qACFyXdPwEJvDG2Ks9n
	araWW7u+pw1kpw2/whMcdkvMrPnkcfWmvrnbjaOoUdR6SCKhlas0d0laWlNwvA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1680656908; a=rsa-sha256; cv=none;
	b=DZNnN4rV6YtlfYgLcTix9LC57DEcwjgq1bwtTgcpmSJ07h3F7WyAt7myIyC21YvtUHQiuu
	A3hr+gqBbGm7J/5NzUpFozPcVjeQBpWZDJ4Y7/OIOChnpKY3IkR2RNsmXRWEZFH2pHmGWr
	OJJXM/DL9JeVTxgUJYrRy2yvWOmJOz+MF3k09VsYR/LRyDVcfL9VA4xoC15CFvt1AoYnhu
	W01TcjTmQFYRepfgDQif5IQnTwPm0NA/MvbTZNzSmHDmFcbAJpESSuWcnjOEeIADFBBlo7
	Xfp7v1N3qhGBlLZi6Q8M0YT0jDQiBapFKix8yqBxcCpBe6GiPSOvOOPAdyW71A==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Prmj83YXyz130r
	for <fs@FreeBSD.org>; Wed,  5 Apr 2023 01:08:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 33518SmL018696
	for <fs@FreeBSD.org>; Wed, 5 Apr 2023 01:08:28 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 33518Sat018695
	for fs@FreeBSD.org; Wed, 5 Apr 2023 01:08:28 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: fs@FreeBSD.org
Subject: [Bug 270592] nfsv4 /etc/exports with -sec=krb5p gives permission
 denied
Date: Wed, 05 Apr 2023 01:08:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: rmacklem@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: fs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-270592-3630-dxKAmQ4bje@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-270592-3630@https.bugs.freebsd.org/bugzilla/>
References: <bug-270592-3630@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-fs
List-Help: <mailto:freebsd-fs+help@freebsd.org>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Subscribe: <mailto:freebsd-fs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-fs+unsubscribe@freebsd.org>
Sender: owner-freebsd-fs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270592

--- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> ---
Linux clients love to use krb5i for state
maintenance operations no matter what you
specify.

If you capture packets when the mount is done
and then look at them in wireshark, I'm pretty
sure you'll find it using "integrity" (in the
RPC credential) for RPCs that do stuff like
EXCHANGEID, CREATESESSION, RECLAIM_COMPLETE.

The Linux folk consider this a feature, for
NFSv4.1/4.2 mounts. (A mount with "minorversion=3D0"
would probably work, but you don't want to
use 4.0 when 4.1/4.2 is supported.)

It just so happens I reported this to
linux-nfs@vger.kernel.org and, if you look
at the reply in the email archive for it,
you'll see they consider it a feature.
(For my case it was sec=3Dkrb5, but I think
 you'll find it is the same.)

--=20
You are receiving this mail because:
You are the assignee for the bug.=