From: Steve Dickson <SteveD@redhat.com>
To: Eberhard Kuemmerle <E.Kuemmerle@fz-juelich.de>
Cc: linux-nfs@vger.kernel.org
Subject: Re: Patch proposal for svcgssd
Date: Mon, 27 Sep 2010 07:13:43 -0400 [thread overview]
Message-ID: <4CA07C67.2060201@RedHat.com> (raw)
In-Reply-To: <201009271029.43607.E.Kuemmerle@fz-juelich.de>
On 09/27/2010 04:29 AM, Eberhard Kuemmerle wrote:
> Hello,
>
> we use a two-node cluster (pacemaker, corosync, drbd) as nfs-server.
> We configured a virtual cluster-IP (using ocf::heartbeat:IPaddr2, iptables CLUSTERIP),
> i.e. the nfs clients call the server as OurClusterIP.OurDomain.de while the real hostnames of the servers are
> OurServer1.OurDomain.de and OurServer2.OurDomain.de.
>
> If I tried to use the mount option krb5, svcgssd denied the mount with the message:
> ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): Unspecified GSS failure. Minor code may provide more information - Wrong principal in request
>
> I patched svcgssd that we can specify the principal to use as an option:
> svcgssd -p nfs/OurClusterIP.OurDomain.de
>
> Now, krb5 works fine!
>
> I suggest to include that patch in the main line of nfs-utils to enable the use of krb5 with such virtual IP's.
> The small patch is appended to the mail.
This looks like a reasonable idea... but a couple of nits...
1) There needs to be an update to the man page, in a separate patch, preferably.
2) Please don't make the patch an email attachment, inline it in
email. See http://www.kernel.org/pub/linux/docs/lkml/#s1-10
for details.
3) Please add the 'Signed-off-by:' line after your patch description.
Note, in the next day or so I will be doing nfs-utils release.
If you are interested in having this patch included please repost
it in a timely matter...
tia,
steved.
>
> Best regards
> Eberhard Kuemmerle
>
> ------------------------------------------------------------------------------------------------
> ------------------------------------------------------------------------------------------------
> Forschungszentrum Juelich GmbH
> 52425 Juelich
> Sitz der Gesellschaft: Juelich
> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
> Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
> Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
> Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
> Prof. Dr. Sebastian M. Schmidt
> ------------------------------------------------------------------------------------------------
> ------------------------------------------------------------------------------------------------
prev parent reply other threads:[~2010-09-27 11:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-27 8:29 Patch proposal for svcgssd Eberhard Kuemmerle
2010-09-27 11:13 ` Steve Dickson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CA07C67.2060201@RedHat.com \
--to=steved@redhat.com \
--cc=E.Kuemmerle@fz-juelich.de \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.