Lustre-devel archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Nathaniel Rutman <Nathan.Rutman@Sun.COM>
To: lustre-devel@lists.lustre.org
Subject: [Lustre-devel] Security configuration
Date: Thu, 05 Mar 2009 10:05:22 -0800	[thread overview]
Message-ID: <49B01462.1020001@sun.com> (raw)
In-Reply-To: <014901c9913f$94f0b560$bed22020$@com>

Eric Barton wrote:
> Nathan,
>
> We'd like to be able to describe a set of nodes and say that
> as far as security is concerned, they are all equivalent - i.e. if
> an MDT authorizes eeb at node1 to perform a certain action, then
> eeb at nodex is implicitly authorized provided node1 and nodex are in
> the same set.
>
> Leaving aside for now, the question of how the sets are described
> (they could be whole LNETs or whole Kerberos realms, or NID lists),
> is the MGS the right place to stash this config?
>   
Yes, I think the MGS is the right place to stash any config.
FWIW we're pretty seriously thinking about removing all the distributed 
configuration we can (mkfs/tunefs.lustre settings and module parameters) 
and concentrating it all on the MGS node in a text-based config file.   
Exceptions would have to be made for the network setup, so that everyone 
could talk to the MGS -- so lnet networks and MGS nids would still have 
to be stored locally.

      parent reply	other threads:[~2009-03-05 18:05 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-17 20:37 [Lustre-devel] Security configuration Eric Barton
2009-02-18 23:19 ` Nicolas Williams
2009-03-05 18:05 ` Nathaniel Rutman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49B01462.1020001@sun.com \
    --to=nathan.rutman@sun.com \
    --cc=lustre-devel@lists.lustre.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox