[LU-15267] l_getidentity_nss utility Created: 22/Nov/21 Updated: 13/Sep/23 Resolved: 13/Sep/23 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor |
| Reporter: | Alexander Zarochentsev | Assignee: | Alexander Zarochentsev |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Rank (Obsolete): | 9223372036854775807 | ||||||||
| Description |
|
A group upcall utility based on l_getidentity.c , which can use all system NSS modules as well as lustre-only user/group configuration in plain files keeping Lustre users and groups separate from Linux users/groups on Lustre server's machines for security reasons. |
| Comments |
| Comment by Gerrit Updater [ 22/Nov/21 ] |
|
"Alexander Zarochentsev <alexander.zarochentsev@hpe.com>" uploaded a new patch: https://review.whamcloud.com/45634 |
| Comment by Andreas Dilger [ 29/Nov/21 ] |
|
I'll ask the same question here as in the patch - how is this different than the existing l_getidentity using the built-in /etc/nsswitch.conf support when calling the Glibc getpwuid/getgrouplist to do lookups in LDAP, NIS, SSS? I'm definitely not against improving MDS integration with different authentication schemes, but my main concern is that this duplicates a bunch of code and adds configuration complexity for users, and it isn't yet clear what the benefit is, or whether this needs to be a separate utility, or could be integrated into the existing one? |
| Comment by Andreas Dilger [ 13/Sep/23 ] |
|
Close as a duplicate of |