Bug#553335: nautilus: Asks passwd for CIFS share when kerberos ticket available
Vincent Zweije
vincent at zweije.nl
Thu Mar 13 08:48:53 UTC 2014
On Thu, Mar 13, 2014 at 12:19:52AM +0000, althaser wrote:
|| Could you please still reproduce this issue with newer version
|| likeA 1.12.3-4 orA 1.16.3-2 ?
Unforunately, the problem persists.
~$ dpkg -l gvfs-backends
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-====================================-=======================-=======================-==============================================================================
ii gvfs-backends 1.16.3-2 amd64 userspace virtual filesystem - backends
~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000_FwHFwc
Default principal: vzweije@<realm>
Valid starting Expires Service principal
03/13/14 09:03:15 03/13/14 19:03:15 krbtgt/<realm>@<realm>
renew until 03/14/14 02:03:15
~$
Starting nautilus through openbox menu, selecting a previously unused
CIFS share, asks for password. Clicking cancel shows the share without
problems. After that:
~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000_FwHFwc
Default principal: vzweije@<realm>
Valid starting Expires Service principal
03/13/14 09:03:15 03/13/14 19:03:15 krbtgt/<realm>@<realm>
renew until 03/14/14 02:03:15
03/13/14 09:31:21 03/13/14 19:03:15 cifs/file01.<domain>@<realm>
renew until 03/14/14 02:03:15
03/13/14 09:31:30 03/13/14 19:03:15 cifs/file01@<realm>
renew until 03/14/14 02:03:15
~$
So two cifs tickets have been added in this interaction.
Starting nautilus from the command line makes no difference -- this
excludes environment variable problems.
After stopping and starting nautilus the problem is gone -- if the cifs
tickets are already there, the cifs backend will use them.
It appears that the cifs backend checks the presence of the ticket,
but does not try to request it from the kerberos server, before asking
the password. Then when the password box is canceled, it still requests
the ticket from the kerberos server.
If so, it should try to request the cifs ticket if it's not there before
asking for the password.
Don't think it matters, but the kerberos server in question is a windows
active directory server.
Vincent.
--
Vincent Zweije <vincent at zweije.nl> | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20140313/6c1a5046/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list