Re: NFS: SECINFO: security flavor 390003 is not supported

From: J. Bruce Fields
Date: Wed Jan 04 2017 - 14:49:50 EST


On Wed, Jan 04, 2017 at 02:29:01PM -0500, Dave Jones wrote:
> On Wed, Jan 04, 2017 at 02:23:58PM -0500, Steve Dickson wrote:
> >
> >
> > On 01/04/2017 02:03 PM, Dave Jones wrote:
> > > Since upgrading to 4.10-rc2, my nfs server has started printing these..
> > >
> > > [ 161.668635] NFS: SECINFO: security flavor 390003 is not supported
> > > [ 161.668655] NFS: SECINFO: security flavor 390004 is not supported
> > > [ 161.668670] NFS: SECINFO: security flavor 390005 is not supported
> > >
> > > Client is debian's 4.8 kernel with default mount options, so sec=sys
> > >
> > > What should I be doing to suppress these ? What causes them ?
> > The auth_rpcgss or rpcsec_gss_krb5 kernel modules not being loaded??
>
> I don't use kerberos, and CONFIG_SUNRPC_GSS=y

Hm, looks like that warning's from 676e4ebd5f2c "NFSD: SECINFO doesn't
handle unsupported pseudoflavors correctly", which went into 3.10-rc1.

So mountd is probably telling us that krb5/krb5i/krb5p are permitted on
some exports, though your kernel doesn't think it supports those for
some reason.

The exports are probably the v4 pseudoroot exports (I don't think normal
exports get the krb5 flavors unless you explicitly ask for them). So
this is partly also the fault of nfs-utils 4a1ad4aa3028 "mountd: Enable
all auth flavors on pseudofs exports".

I don't know why your kernel doesn't think it supports those.... Is it
possible to have have CONFIG_SUNRPC_GSS set and not
CONFIG_RPCSEC_GSS_KRB5?

Maybe simplest is just demote that printk to a debugging thing. It was
intended to help debug the case when somebody tries to, say, add
sec=krb5 exports but doesn't get the kernel configuration right, but
with mountd passing everything down in some cases it's not so helpful.

--b.

>
> Dave
>