Re: [NFS] NFS/krb and batch jobs - doable? - raini-9HxftnAiGddWk0Htik3J/w

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

From: raini-9HxftnAiGddWk0Htik3J/w@public.gmane.org
To: "Jeff Layton" <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [NFS] NFS/krb and batch jobs - doable?
Date: Tue, 13 Oct 2009 08:28:52 -0700	[thread overview]
Message-ID: <ee56329e7d86a3e4b15001a39bb7e14a.squirrel@webmail.rainiday.com> (raw)
In-Reply-To: <20091010090039.4dfd1dfb-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>

Jeff Layton <jlayton@redhat.com> said:
>> Just to be clear - you mean doable to a coder who might like to improve
>> on
>> gssd/kernel credential separation, rather than a non-coding sysadmin who
>> needs with work within the current NFS/gssd framework?
>>
>
> Correct, that's what I mean. It'll mean modifying kernel and rpc.gssd
> code.

Thanks for confirming.  Skipping back a little:

>> > No, gssd (the client side daemon) will search /tmp for anything that
>> > looks like a credcache for the right user, verify that it is a
>> > credcache and then pick the one with the latest TGT expiration.

Kevin Coffman on the NFS4 list actually implied this used simple mtime
rather than actually scanning /tmp/krb5cc_uid* for ccache files with the
latest TGT expiration, which is how I originally read your statement. 
This seemingly would make a difference in an environment with a batch job
with a long lifetime ticket and subsequent interactive login generating a
separate ccache file with a shorter lifetime but newer mtime.

I'm not a coder but I scanned krb5_util.c in the gssd code, and it *seems*
to me it only looks at mtime, although what you suggest would be more
optimal.  Could you confirm whether it's scanning ccache files for longest
TGT, or just using mtime?

next prev parent reply	other threads:[~2009-10-13 15:29 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-09 15:15 [NFS] NFS/krb and batch jobs - doable? raini-9HxftnAiGddWk0Htik3J/w
     [not found] ` <c8e974302190b867ad8ea49d8158f1db.squirrel-2RFepEojUI30fF+2cCIZ11aTQe2KTcn/@public.gmane.org>
2009-10-09 16:16   ` Jeff Layton
     [not found]     ` <20091009121602.5ec86dfb-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-10-09 16:53       ` raini-9HxftnAiGddWk0Htik3J/w
     [not found]         ` <1c358fde92c49215d84129a1bfe2c6ec.squirrel-2RFepEojUI30fF+2cCIZ11aTQe2KTcn/@public.gmane.org>
2009-10-10 13:00           ` Jeff Layton
     [not found]             ` <20091010090039.4dfd1dfb-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-10-13 15:28               ` raini-9HxftnAiGddWk0Htik3J/w [this message]
     [not found]                 ` <ee56329e7d86a3e4b15001a39bb7e14a.squirrel-2RFepEojUI30fF+2cCIZ11aTQe2KTcn/@public.gmane.org>
2009-10-13 15:44                   ` Jeff Layton
     [not found]                     ` <20091013114441.2882c8b9-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-10-13 15:51                       ` Kevin Coffman
2009-10-13 16:56                         ` Trond Myklebust
2009-10-13 17:27                           ` Jeff Layton
     [not found]                             ` <20091013132701.72927b4d-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-10-13 17:51                               ` Trond Myklebust
2009-10-13 18:03                                 ` Jeff Layton
2009-10-14 16:47                                   ` raini
2009-10-14 17:12                                     ` Trond Myklebust
2009-10-14 18:19                                     ` Kevin Coffman
2009-10-13 15:59                     ` raini
2009-10-13 17:31                       ` Jeff Layton
2009-10-13 17:52                         ` Jeff Layton
2009-10-14 17:00                         ` raini
2009-10-14 17:21                           ` Jeff Layton
     [not found]     ` <f99e65f7b2fe66fc32dee931fd6bd525.squirrel@webmail.rainiday.com>
     [not found]       ` <f99e65f7b2fe66fc32dee931fd6bd525.squirrel-2RFepEojUI30fF+2cCIZ11aTQe2KTcn/@public.gmane.org>
2009-10-09 17:05         ` raini-9HxftnAiGddWk0Htik3J/w

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ee56329e7d86a3e4b15001a39bb7e14a.squirrel@webmail.rainiday.com \
    --to=raini-9hxftnaigddwk0htik3j/w@public.gmane.org \
    --cc=jlayton@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox