Actions
action #159531
open[security] test fails in krb5_crypt_nfs_client
Start date:
2024-04-24
Due date:
% Done:
0%
Estimated time:
Difficulty:
Description
Observation¶
openQA test in scenario sle-15-SP5-Server-DVD-Updates-x86_64-fips_tests_crypt_krb5_client@64bit fails in
krb5_crypt_nfs_client
Test suite description¶
Testsuite maintained at https://gitlab.suse.de/qe-security/osd-sle15-security.
Reproducible¶
Fails since (at least) Build 20240419-1
Expected result¶
Last good: 20240418-1 (or more recent)
Further details¶
Always latest result in this scenario: latest
observation¶
NFS client is trying to connect to a server.example.com
, but it's not ready ?
Files
Updated by amanzini 17 days ago · Edited
- File clipboard-202404290926-fre8f.png clipboard-202404290926-fre8f.png added
- Status changed from New to In Progress
NFS mount with sec=sys
is fine, with sec=krb5
gives access denied from server.
Updated by amanzini 16 days ago · Edited
- forcing newer
"aes256-cts-hmac-sha384-192"
as crypto algo : test fails. - tried in non-FIPS mode, got a fail as well https://openqa.suse.de/tests/14175632#
some random considerations:
- in the server configuration,
/etc/sysconfig/nfs
, the optionNFS_SECURITY_GSS
is not present - in the
/etc/krb5.conf
, the optionfipslevel
is not documented (seeman krb5.conf
)
Updated by amanzini 14 days ago · Edited
PASS with
- kernel-5.14.21-150400.24.116-default
- krb5-1.19.2-150400.3.9.1
- krb5-server-1.19.2-150400.3.9.1
- krb5-client-1.19.2-150400.3.9.1
- nfs-client-2.1.1-150100.10.37.1
FAIL with
- kernel-5.14.21-150500-55.59-default
- krb5-1.20.1-150500.3.6.1
- krb5-server-1.20.1-150500.3.6.1
- krb5-client-1.20.1-150500.3.6.1
- nfs-client-2.1.1-150500.22.3.1
Actions