[#LU-16758] Consider Kerberos machine principal for use in Lustre client

[LU-16758] Consider Kerberos machine principal for use in Lustre client Created: 21/Apr/23 Updated: 16/May/23 Resolved: 09/May/23
Status:	Resolved
Project:	Lustre
Component/s:	None
Affects Version/s:	Lustre 2.16.0
Fix Version/s:	Lustre 2.16.0

Type:

Bug

Priority:

Minor

Reporter:

Sebastien Buisson

Assignee:

Sebastien Buisson

Resolution:

Fixed

Votes:

Labels:

kerberos, patch, sec

Issue Links:

Related

Severity:

Rank (Obsolete):

9223372036854775807

Description

Currently Lustre clients rely on the lustre_root/<hostname>@REALM principal to authenticate.
Consider supporting the more standard Kerberos machine principal (i.e. host/<hostname>@REALM) as well to avoid the need for additional keytab entries.
This would bring Lustre in line with other services such as OpenSSH and NFS.

Comments

Comment by Gerrit Updater [ 21/Apr/23 ]

"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50709
Subject: ~~LU-16758~~ krb: use Kerberos machine principal in client
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 939e08cd732cbad19e376ead739112921f961fa3

Comment by Gerrit Updater [ 09/May/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/50709/
Subject: ~~LU-16758~~ krb: use Kerberos machine principal in client
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 74890266a39297c1c3a41263a7bfd86e0d8e426a

Comment by Peter Jones [ 09/May/23 ]

Landed for 2.16

Generated at Sat Feb 10 03:29:45 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.

[LU-16758] Consider Kerberos machine principal for use in Lustre client Created: 21/Apr/23 Updated: 16/May/23 Resolved: 09/May/23