From 24f42edcdd761cf55ffeb19d2b44e961967e7abc Mon Sep 17 00:00:00 2001 From: Rick Macklem Date: Wed, 11 Jan 2023 18:23:17 -0800 Subject: [PATCH] Revert "gssd: Fix handling of the gssname= NFS mount option" This reverts commit c33509d49a6fdcf86ef280a78f428d3cb7012c4a. It turns out that the long 27 second delay I saw in the gss_acquire_cred() call was caused by a (mis)configured DNS. Although I did not specify "dns" in /etc/nsswitch.conf, I did have a /etc/resolv.conf file on the system (left there by wpa_supplicant). As such, with no route, it was somehow trying to contact the DNS server, although there was none. Once I got rid of the /etc/resolv.conf file, it worked as expected. Since there is now a large 5 minute timeout on the kernel to gssd(8) upcalls, the gssd(8) daemon will not get terminated when this delay occurs and the only affect is a 30 second delay during the mount. Discussed with: bjk --- usr.sbin/gssd/gssd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c index ee77471bf05..5589da37c19 100644 --- a/usr.sbin/gssd/gssd.c +++ b/usr.sbin/gssd/gssd.c @@ -847,7 +847,7 @@ gssd_acquire_cred_1_svc(acquire_cred_args *argp, acquire_cred_res *result, struc } result->major_status = gss_acquire_cred(&result->minor_status, - GSS_C_NO_NAME, argp->time_req, argp->desired_mechs, + desired_name, argp->time_req, argp->desired_mechs, argp->cred_usage, &cred, &result->actual_mechs, &result->time_rec); gssd_verbose_out("gssd_acquire_cred: done major=0x%x minor=%d\n", (unsigned int)result->major_status, (int)result->minor_status);