Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-14538

Make namespace support optional in lgss_keyring

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.15.0
    • Lustre 2.15.0
    • 3
    • 9223372036854775807

    Description

      When strong authentication such as Kerberos or SSK is enabled, Lustre is able to support different namespaces in credentials retrieval, thanks to namespace switching in lgss_keyring. This is useful when different tenants have their own credentials installed inside containers, because in this case the authentication process must use credentials from the containers, and not from the host.

      However, there are situations where containers are not used for multi-tenancy support, and the authentication workflow only involves credentials installed on the host. In that case, letting Lustre manipulate namespaces can get confusing, and we should be able to deactivate namespace support in lgss_keyring if the authentication workflow does not require it.

      Attachments

        Activity

          People

            sebastien Sebastien Buisson
            sebastien Sebastien Buisson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: