From: Eric Barton <eeb@sun.com>
To: lustre-devel@lists.lustre.org
Subject: [Lustre-devel] security: MGS connection
Date: Wed, 04 Jun 2008 18:47:28 +0100 [thread overview]
Message-ID: <023e01c8c66b$0eabce80$0281a8c0@ebpc> (raw)
In-Reply-To: <4846C394.1020801@sun.com>
Eric,
> Here is the user interface change according to previous discussion,
> please review:
>
> - The security flavor of MGS connection is determined by each node, not
> controllable by MGS.
Is this an unavoidable fact of life or a design decision? See below "XXX"
> - By default there's no protection.
See below "XXX"
>
> - Given the GSS/Kerberos env is ready, mount option "mgssec=flavor"
> could be supplied. Pre-configured machine credential will be used, so no
> need to supply password or whatsoever.
>
> - For MDT/OST, the option "mgssec=flavor" could also be written on disk,
> like other parameters, but will be override if mount option supplied.
>
> - The flavor of MGS connection won't change until umount, no matter how
> rest of connection flavors change at runtime.
> - MGC->MGS connection is one per node, so only one flavor could be used.
> For example, suppose 2 OSTs live in a single node, we do:
> # mount -t lustre -o mgssec=krb5p /dev/sda1 /mnt/ost1
> # mount -t lustre -o mgssec=null /dev/sda1 /mnt/ost2
> then only 'mgssec=krb5p' will take effect, the second 'mgssec=null' will
> be ignored.
I don't think it's acceptable to allow a previous mount to compromise
the security of a later mount.
XXX
This raises the interesting question of whether servers (MGS included) can
demand a minimim level of security from clients connecting to them. Is this
normally part of configuring security on a given node (e.g. to set the
machine credentials you mentioned above)?
> Are these (especially the last one) reasonable? Thanks.
>
> --
> Eric
>
next parent reply other threads:[~2008-06-04 17:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <C46C26CE.574E%peter.braam@sun.com>
[not found] ` <4846C394.1020801@sun.com>
2008-06-04 17:47 ` Eric Barton [this message]
2008-06-04 18:07 ` [Lustre-devel] security: MGS connection Spencer Shepler
2008-06-04 19:07 ` Eric Mei
2008-06-04 18:38 ` Eric Mei
2008-06-04 18:49 ` Peter Braam
2008-06-04 19:24 ` Eric Barton
2008-06-05 16:19 ` Eric Mei
2008-06-06 0:20 ` Eric Barton
2008-06-05 16:54 ` Eric Mei
2008-06-06 0:36 ` Eric Barton
2008-06-06 1:39 ` Eric Mei
2008-06-06 3:16 ` Peter Braam
2008-06-06 15:16 ` Eric Mei
2008-06-06 3:30 ` Peter Braam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='023e01c8c66b$0eabce80$0281a8c0@ebpc' \
--to=eeb@sun.com \
--cc=lustre-devel@lists.lustre.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.