Notice in http://svnweb.freebsd.org/base/head/kerberos5/lib/libgssapi_krb5/pname_to_uid.c?revision=181344&view=markup .. OM_uint32 34 _gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname, 35 const gss_OID mech, uid_t *uidp) 36 { 37 krb5_context context; 38 krb5_const_principal name = (krb5_const_principal) pname; 39 krb5_error_code kret; 40 char lname[MAXLOGNAME + 1], buf[128]; 41 struct passwd pwd, *pw; 52 getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw); 128 is too small. Any non-trivial use of kerberos via nfs fails to record the correct user names. Fix: -40 char lname[MAXLOGNAME + 1], buf[128]; +40 char lname[MAXLOGNAME + 1], buf[1204]; How-To-Repeat: Put some debug writes in there, you'll notice when kerberos is being used no user names authenticate. kerberos on nfs is essentially broken if the total length of the strings in the passwd structure exceed 128 bytes. Given the password itself can be 128 characters, much less the gecos, dir, shell, etc. etc....
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>