Re: ls input/output error ("NFS: readdir(/) returns -5") on krb5 NFSv4 client using SHA2

Next message: Guillaume Gomez: "Re: [PATCH 1/2] rust: pin-init: fix broken rust doc link"
Previous message: Rafael J. Wysocki: "Re: [PATCH v1 2/2] cpuidle: governors: teo: Simplify intercepts-based state lookup"
In reply to: Scott Mayhew: "Re: ls input/output error (&quot;NFS: readdir(/) returns -5&quot;) on krb5 NFSv4 client using SHA2"
Next in thread: Tyler W. Ross: "Re: ls input/output error (&quot;NFS: readdir(/) returns -5&quot;) on krb5 NFSv4 client using SHA2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Simon Josefsson

Date: Wed Nov 19 2025 - 16:15:37 EST

Salvatore Bonaccorso <carnil@xxxxxxxxxx> writes:

> I'm looping in here the gssproxy maintainer as well. Simon, this is
> about https://bugs.debian.org/1120598 . I assume there is nothing on
> gssroxy side which can be done to warn about the situation, quoting
> again:
>
>> The actual issue at hand then seems to be that gssproxy is requesting (and
>> receiving) a service ticket with an unusable (for the NFS mount) enctype,
>> when performing constrained delegation/S4U2Proxy.
>
> ?

It isn't clear to me if the gssproxy behaviour is buggy or just
sub-optimal, but it seems like gssproxy upstream could develop some
patch to make the enctypes match. I'm not sure if that is generally a
safe thing, even if it would fix the problem. Anyway, I think this
looks definitely beyond any Debian-specific concern about gssproxy so I
think some upstream recommendation is needed here, and I don't have a
working NFSv4 gss setup available to debug this.

/Simon

Attachment: signature.asc
Description: PGP signature