Details
-
Technical task
-
Resolution: Fixed
-
Major
-
Lustre 2.3.0, Lustre 2.4.0, Lustre 2.5.0
-
any
-
3
-
8142
Description
Lustre's autoconf scripts require Kerberos to be installed when --enable-gss is specified. Currently, only the Kerberos GSSAPI mechanism supported by Lustre, but others are planned in the future, such as those being developed for shared key authentication (project SFS-DEV-001.2). GSSAPI is meant to allow calling code to be mechanism-agnostic, so requiring Kerberos defeats that purpose.
The definition of the LC_CONFIG_GSS macro in lustre/autoconf/lustre-core.m4 unconditionally calls AC_KERBEROS_V5 from lustre/autoconf/kerberos.m4, which fails when Kerberos isn't found:
dnl We didn't find a usable Kerberos environment
if test "x$KRBDIR" = "x"; then
if test "x$krb5_with" = "x"; then
AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
else
AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
fi
fi
AC_MSG_RESULT($KRBDIR)
This macro ought to instead note the location of the Kerberos headers and libraries but not result in a fatal error if they don't exist. I don't know if this approach will result in link-time or runtime errors that would also need to be corrected.
Ubuntu also needs GSS libraries:
configure: error: libkeyutils is not found, which is required by gss keyring backend
