Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-9220] Support Kerberos authentication from unprivileged container https://jira.whamcloud.com/browse/LU-9220 Lustre <p>When a container runs unprivileged, it cannot access to /proc. However, Kerberos authentication in Lustre requires lgss_keyring to write (ioctl) to /proc/fs/lustre/sptlrpc/gss/init_channel, in order to do credentials negotiation.</p> <p>The solution to support Kerberos authentication from unprivileged container is to delegate this ioctl (and only this part of the authentication process) to a parent thread that does not run in the container's namespace.</p> <p>I will post a patch with my proposal.<br/> Thanks,<br/> Sebastien.</p> LU-9220 Support Kerberos authentication from unprivileged container Improvement Minor Resolved Fixed John Hammond Sebastien Buisson Thu, 16 Mar 2017 15:51:00 +0000 Wed, 19 Jul 2017 04:10:28 +0000 Wed, 19 Jul 2017 04:10:28 +0000 Lustre 2.9.0 Lustre 2.11.0 0 4 <p>Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: <a href="https://review.whamcloud.com/26035" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/26035</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9220" title="Support Kerberos authentication from unprivileged container" class="issue-link" data-issue-key="LU-9220"><del>LU-9220</del></a> gss: support Kerberos auth from unprivileged container<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 3c49f6d16c8989489f93d007b296c86611e4dfa8</p> <p>John</p> <p>Could you please review this patch?</p> <p>Thanks</p> <p>Peter</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/26035/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/26035/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9220" title="Support Kerberos authentication from unprivileged container" class="issue-link" data-issue-key="LU-9220"><del>LU-9220</del></a> gss: support Kerberos auth from unprivileged container<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: dd3e456294cd634c5491500c66946b4f67606745</p> <p>Landed for 2.11</p> Development Rank 1|hzz7af: Rank (Obsolete) 9223372036854775807