[LU-1621] Disable lustre capa by force Created: 10/Jul/12 Updated: 29/Dec/12 Resolved: 29/Dec/12 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.3.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | nasf (Inactive) | Assignee: | nasf (Inactive) |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Story Points: | 1 | ||||||||
| Severity: | 3 | ||||||||
| Rank (Obsolete): | 6365 | ||||||||
| Description |
|
Lustre capa was introduced since Lustre-2.0, and mainly used for operations authorization and authentication for security. Unfortunately, the original Lustre capa framework had some security holes, and could not work as expectation. And most of later server-side changes ignored the Luster capa process. So there may be probably more security holes related with Lustre capa. On the other hand, Lustre capa will cause some overhead because of capa calculation. Since it does not work as expectation, we should disable Lustre capa by force until new Lustre capa implemented. |
| Comments |
| Comment by nasf (Inactive) [ 11/Jul/12 ] |
|
This is the patch: |
| Comment by Christopher Morrone [ 11/Jul/12 ] |
|
This should likely be landed on b2_1 as well. |
| Comment by nasf (Inactive) [ 29/Dec/12 ] |
|
Since some customers are using security features on Lustre, we will consider to fix caps related issues when we meet them in the future. |