From 1912dfb625a4168e97817a70cca5a7c41a054b7a Mon Sep 17 00:00:00 2001
From: rmacklem <rmacklem@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Thu, 25 Oct 2012 00:50:14 +0000
Subject: [PATCH] MFC: r241582 Add a comment describing why r241097 was done.

git-svn-id: svn://svn.freebsd.org/base/stable/8@242018 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
index dadd36ef1..043718955 100644
--- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
+++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -1024,6 +1024,17 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
 	if (maj_stat != GSS_S_COMPLETE) {
 		rpc_gss_log_status("gss_verify_mic", client->cl_mech,
 		    maj_stat, min_stat);
+		/*
+		 * Attila Bogar and Herbert Poeckl reported similar problems
+		 * w.r.t. a Linux NFS client doing a krb5 NFS mount against the
+		 * FreeBSD server. We determined this was a Linux bug:
+		 * http://www.spinics.net/lists/linux-nfs/msg32466.html, where
+		 * the mount failed to work because a Destroy operation with a
+		 * bogus encrypted checksum destroyed the authenticator handle.
+		 * Since the checksum is bogus (gss_verify_mic() failed), it
+		 * doesn't make sense to destroy the handle and not doing so
+		 * fixes the Linux mount.
+		 */
 		if (gcproc != RPCSEC_GSS_DESTROY)
 			client->cl_state = CLIENT_STALE;
 		return (FALSE);
-- 
2.45.0