In Lustre, GSS authentication is composed of an RPCSEC init request, followed by an RPCSEC context request. At the end of the process, an authentication context is established between 2 peers, and this context is associated with an 'rsc' cache entry.

The original RPCSEC init is also kept in cache. While this is useful when processing the request, it is never used again once the request has been handled completely.

Keeping entries in this 'rsi' cache has some impact on authentication speed. Indeed, the cache spreads out entries according to their hash, and then all entries with the same hash are put in a linked list. When a new RPCSEC init request is received, the first step is to check if there is a valid matching entry in the cache. It is never the case, except if an authentication request is replayed, but GSS rejects that anyway.

So on a file system with many clients, we spend quite some time browsing a list from which we expect no match. Even if the upcall cache mechanism takes this lookup opportunity to remove invalid or expired entries, it would be even better to remove cache entries as soon as we know they are done.