From: Jeff Layton <jlayton@redhat.com>
To: Jim Rees <rees@umich.edu>
Cc: John Hughes <john@calvaedi.com>,
Trond Myklebust <trond.myklebust@netapp.com>,
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Don't hang user processes if Kerberos ticket for nfs4 mount expires
Date: Wed, 16 Nov 2011 20:31:19 -0500
Message-ID: <20111116203119.1d9c0dd6@corrin.poochiereds.net>
In-Reply-To: <20111116234434.GA12882@umich.edu>

On Wed, 16 Nov 2011 18:44:34 -0500
Jim Rees <rees@umich.edu> wrote:
> Jeff Layton wrote:
>
>   Uhhh, no...EKEYEXPIRED was never passed to userland. The patchset that
>   added EKEYEXPIRED returns in this codepath also added the code to make
>   it hang.
>
>   This is not a bug, or at least it's intentional behavior. When a krb5
>   ticket expires, we *want* the process to hang. Otherwise, people with
>   long running jobs will often find that their jobs error out
>   inexplicably when their ticket expires.
>
> Who decided that? This seems completely wrong to me. If my credentials
> expire, I want to get permission denied, not a client hang. In 20 years of
> using authenticated file systems I never once wished my process had hung
> when my ticket expired.
>

I proposed it, we discussed it on the list, and Trond and Steve
committed the patches necessary to make it happen. This was back in
late 2009/early 2010 though, so my memory is a bit fuzzy...

> Why should this be any different from any other failure condition? If you
> try to open a file that doesn't exist, do you want your process to hang
> instead of getting ENOENT, just in case the file magically appears at some
> point in the future?
>

That's different. Not renewing your credentials is often a temporary
situation. Kerberos is different than other authentication methods in
that you get a ticket only for a period of time, so expired credentials
are not a situation that's common with other authentication methods.

> This seems a recipe for disaster. Suppose I have a cron job that fires once
> a minute, and all those jobs hang waiting for a ticket. I come to work in
> the morning and discover I've got 10,000 hung processes. Or not, because my
> computer has crashed from resource exhaustion.

The previous situation was also a recipe for disaster, and was often
cited as a primary reason why people didn't want to deploy kerberized
NFS. Having everything fall down and go boom when your ticket expires
is not desirable either.

I suppose we'll have to agree to disagree on this point. That said, I'm
open to sane suggestions however that don't regress the behavior for
those users who need to be able to cope with expired tickets.

--
Jeff Layton <jlayton@redhat.com>