From: Chuck Lever <chuck.lever@oracle.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: "Myklebust, Trond" <Trond.Myklebust@netapp.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Steve Dickson <steved@redhat.com>
Subject: Re: [PATCH v2 3/3] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call
Date: Wed, 13 Nov 2013 12:05:06 -0500 [thread overview]
Message-ID: <081CCF9F-A3BC-46AB-831F-22B002734C7F@oracle.com> (raw)
In-Reply-To: <20131113112050.381708de@corrin.poochiereds.net>
On Nov 13, 2013, at 11:20 AM, Jeff Layton <jlayton@redhat.com> wrote:
> On Wed, 13 Nov 2013 11:10:52 -0500
> Chuck Lever <chuck.lever@oracle.com> wrote:
>
>>
>> On Nov 13, 2013, at 11:09 AM, Jeff Layton <jlayton@redhat.com> wrote:
>>>
>>> So to clarify...today we do this when gssd isn't running and we try an
>>> AUTH_GSS mount:
>>>
>>> - attempt SETCLIENTID with krb5i
>>> - when that fails, log a warning to ring buffer
>>> - attempt SETCLIENTID with AUTH_SYS
>>> - attempt rest of mount with krb5i
>>
>> Hold it. This step should not be happening. Lease management should try krb5i by default, but why is the rest of the mount attempted with krb5i?
>>
>
> Sorry, I should have been more clear...the rest of the mount is
> attempted with krb5i because sec=krb5i was specified on the command
> line.
>
> IOW, this patch just shortcuts attempting to do the lease
> establishment with krb5i when we know that that will fail. The main
> benefit being that we don't end up logging a warning about AUTH_GSS not
> running in that case.
>
> The warning will be logged if/when a later call attempts to use GSSAPI.
Just a thought: The usual way we have of dealing with problems like this is WARN_ONCE() (or a user space equivalent).
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
next prev parent reply other threads:[~2013-11-13 17:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-13 14:30 [PATCH v2 0/3] sunrpc/nfs: more reliable detection of running gssd Jeff Layton
2013-11-13 14:30 ` [PATCH v2 1/3] sunrpc: create a new dummy pipe for gssd to hold open Jeff Layton
2013-11-13 14:30 ` [PATCH v2 2/3] sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check Jeff Layton
2013-11-13 14:30 ` [PATCH v2 3/3] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call Jeff Layton
2013-11-13 14:38 ` Chuck Lever
2013-11-13 14:48 ` Myklebust, Trond
2013-11-13 15:14 ` Chuck Lever
2013-11-13 15:35 ` Jeff Layton
2013-11-13 15:49 ` Myklebust, Trond
2013-11-13 15:57 ` Jeff Layton
2013-11-13 16:09 ` Jeff Layton
2013-11-13 16:10 ` Chuck Lever
2013-11-13 16:20 ` Jeff Layton
2013-11-13 17:05 ` Chuck Lever [this message]
2013-11-13 16:12 ` Chuck Lever
2013-11-13 16:57 ` Chuck Lever
2013-11-14 19:26 ` [PATCH v2 0/3] sunrpc/nfs: more reliable detection of running gssd J. Bruce Fields
2013-11-14 20:35 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=081CCF9F-A3BC-46AB-831F-22B002734C7F@oracle.com \
--to=chuck.lever@oracle.com \
--cc=Trond.Myklebust@netapp.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).