Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-16630

Improve Kerberos cross-realm trust remapping

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.16.0
    • 3
    • 9223372036854775807

    Description

      Currently lsvcgssd does have the notion of a "remote user", however its remapping configuration requires listing all users and their UID in a text file (/etc/lustre/idmap.conf)

      It should be possible to call gss_localname() (which in turn would be fed to getpwnam) to resolve usernames. gss_localname goes through the auth_to_local translation rules in krb5.conf and thus can easily be configured by administrators.

      Attachments

        Activity

          [LU-16630] Improve Kerberos cross-realm trust remapping
          pjones Peter Jones added a comment -

          Landed for 2.16

          pjones Peter Jones added a comment - Landed for 2.16
          gerrit Gerrit Updater added a comment -

          "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/50259/
          Subject: LU-16630 sec: improve Kerberos cross-realm trust remapping
          Project: fs/lustre-release
          Branch: master
          Current Patch Set:
          Commit: 3214d4d860e36b6aa07addad9e600fd754fc9149

          gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/50259/ Subject: LU-16630 sec: improve Kerberos cross-realm trust remapping Project: fs/lustre-release Branch: master Current Patch Set: Commit: 3214d4d860e36b6aa07addad9e600fd754fc9149
          gerrit Gerrit Updater added a comment -

          "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50259
          Subject: LU-16630 sec: improve Kerberos cross-realm trust remapping
          Project: fs/lustre-release
          Branch: master
          Current Patch Set: 1
          Commit: c5a054a42b237dd17366dd580b6113493c4a4b1b

          gerrit Gerrit Updater added a comment - "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50259 Subject: LU-16630 sec: improve Kerberos cross-realm trust remapping Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: c5a054a42b237dd17366dd580b6113493c4a4b1b

          People

            sebastien Sebastien Buisson
            sebastien Sebastien Buisson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: