Bug 212145

Summary: Host kerberos credential are used in container
Product: File System Reporter: Xiaoli Feng (fengxiaoli0714)
Component: CIFSAssignee: fs_cifs (fs_cifs)
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.12.0-rc1+ Subsystem:
Regression: No Bisected commit-id:
Attachments: tcpdump data

Description Xiaoli Feng 2021-03-09 02:50:17 UTC 
Use podman to create two pod. One work as samba server. One work as client. Setup samba and kerberos in server. Then mount cifs in client. It's failed. But if execute kinit in host. Then mount successfully.


In container client:
[root@849a34460dc9 /]# uname -r
5.12.0-rc1+
[root@849a34460dc9 /]# kinit root
Password for root@RHQE.COM: 
[root@849a34460dc9 /]#
[root@849a34460dc9 /]# mount //b3472c982938/share1 -overs=3.11,sec=krb5 /mnt/cifsmp
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Then login into host and execute kinit

Host:
[root@kvm-04-guest06 ~]# kinit root
Password for root@RHQE.COM:
[root@kvm-04-guest06 ~]#

Back to container client:

[root@849a34460dc9 /]# mount //b3472c982938/share1 -overs=3.11,sec=krb5 /mnt/cifsmp
[root@849a34460dc9 /]#
Comment 1 Xiaoli Feng 2021-03-09 03:02:53 UTC 
Created attachment 295759 [details]
tcpdump data