All of lore.kernel.org
 help / color / mirror / Atom feed
* [Lustre-devel] GSS cross-realm broken in lsvcgssd
@ 2008-06-20  4:16 Benjamin Bennett
  2008-06-20 16:13 ` Eric Mei
  0 siblings, 1 reply; 2+ messages in thread
From: Benjamin Bennett @ 2008-06-20  4:16 UTC (permalink / raw)
  To: lustre-devel

lsvcgssd from the current HEAD refuses all remote-realm principals, the 
culprit is get_ids() in lustre/utils/gss/svcgssd_proc.c

In the previous revision (1.4):
   MDS accepts remote principals with mapping to local user.
   OSS accepts remote "lustre_root at SOMEREALM" principals.
   Any other remote principals are logged as unmapped and failed.

In the current revision (1.5, since Jan):
   MDS fails all remote principals.
   OSS fails all remote principals.
   Unmapped remote principals are logged, mapped are not.

The attached patch (against 1.5):
   Restores previous MDS behavior of accepting remote principals with 
mapping to local user.
   Modifies OSS behavior to accept remote "lustre_root at SOMEREALM" and 
"lustre_root/hostname at SOMEREALM" principals.
   Fixes logging errors in get_ids().


Notice of any problems with this patch, or other suggestions, are 
appreciated.


thanks,

--ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lsvcgssd-xrealm.patch
Type: text/x-patch
Size: 3199 bytes
Desc: not available
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20080620/3fd48709/attachment.bin>

^ permalink raw reply	[flat|nested] 2+ messages in thread
* [Lustre-devel] GSS cross-realm broken in lsvcgssd
  2008-06-20  4:16 [Lustre-devel] GSS cross-realm broken in lsvcgssd Benjamin Bennett
@ 2008-06-20 16:13 ` Eric Mei
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Mei @ 2008-06-20 16:13 UTC (permalink / raw)
  To: lustre-devel

Hello Ben,

Benjamin Bennett wrote:
> lsvcgssd from the current HEAD refuses all remote-realm principals, the 
> culprit is get_ids() in lustre/utils/gss/svcgssd_proc.c
> 
> In the previous revision (1.4):
>   MDS accepts remote principals with mapping to local user.
>   OSS accepts remote "lustre_root at SOMEREALM" principals.
>   Any other remote principals are logged as unmapped and failed.
> 
> In the current revision (1.5, since Jan):
>   MDS fails all remote principals.
>   OSS fails all remote principals.
>   Unmapped remote principals are logged, mapped are not.
> 
> The attached patch (against 1.5):
>   Restores previous MDS behavior of accepting remote principals with 
> mapping to local user.
>   Modifies OSS behavior to accept remote "lustre_root at SOMEREALM" and 
> "lustre_root/hostname at SOMEREALM" principals.
>   Fixes logging errors in get_ids().

We didn't really tested cross-realm cases. The patch looks great, we'll 
merge it into our CVS asap. Thanks a lot!

-- 
Eric

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-06-20 16:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-20  4:16 [Lustre-devel] GSS cross-realm broken in lsvcgssd Benjamin Bennett
2008-06-20 16:13 ` Eric Mei

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.