Bug#553335: nautilus: Asks passwd for CIFS share when kerberos ticket available

Vincent Zweije vincent at zweije.nl
Thu Mar 13 08:48:53 UTC 2014


On Thu, Mar 13, 2014 at 12:19:52AM +0000, althaser wrote:

||  Could you please still reproduce this issue with newer version
||  likeA 1.12.3-4 orA 1.16.3-2 ?

Unforunately, the problem persists.

    ~$ dpkg -l gvfs-backends
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name                                 Version                 Architecture            Description
    +++-====================================-=======================-=======================-==============================================================================
    ii  gvfs-backends                        1.16.3-2                amd64                   userspace virtual filesystem - backends
    ~$ klist
    Ticket cache: FILE:/tmp/krb5cc_1000_FwHFwc
    Default principal: vzweije@<realm>

    Valid starting     Expires            Service principal
    03/13/14 09:03:15  03/13/14 19:03:15  krbtgt/<realm>@<realm>
	    renew until 03/14/14 02:03:15
    ~$

Starting nautilus through openbox menu, selecting a previously unused
CIFS share, asks for password. Clicking cancel shows the share without
problems. After that:

    ~$ klist
    Ticket cache: FILE:/tmp/krb5cc_1000_FwHFwc
    Default principal: vzweije@<realm>

    Valid starting     Expires            Service principal
    03/13/14 09:03:15  03/13/14 19:03:15  krbtgt/<realm>@<realm>
	    renew until 03/14/14 02:03:15
    03/13/14 09:31:21  03/13/14 19:03:15  cifs/file01.<domain>@<realm>
	    renew until 03/14/14 02:03:15
    03/13/14 09:31:30  03/13/14 19:03:15  cifs/file01@<realm>
	    renew until 03/14/14 02:03:15
    ~$

So two cifs tickets have been added in this interaction.

Starting nautilus from the command line makes no difference -- this
excludes environment variable problems.

After stopping and starting nautilus the problem is gone -- if the cifs
tickets are already there, the cifs backend will use them.

It appears that the cifs backend checks the presence of the ticket,
but does not try to request it from the kerberos server, before asking
the password. Then when the password box is canceled, it still requests
the ticket from the kerberos server.

If so, it should try to request the cifs ticket if it's not there before
asking for the password.

Don't think it matters, but the kerberos server in question is a windows
active directory server.

Vincent.
-- 
Vincent Zweije <vincent at zweije.nl>   | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/>      | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] |            -- Paul Tomblin on a.s.r.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20140313/6c1a5046/attachment.sig>


More information about the pkg-gnome-maintainers mailing list