Josephine Palencia
2009-Jul-02 17:21 UTC
[Lustre-devel] Kerb cross-site-forcing back clients to null/plain
OS: Centos 5.2 x86_64 Kernel: 2.6.18-92.1.6 Lustre: 1.9.50 Is there/can there be a mechanism by which kerb auth on the clients both from local & different kerb realm can be forced back to null/plain from krb5n/a/i/p if the remote site''s kerb is not yet ready (properly configured)? I''d rather the filesystem continues to be mounted on the client and indicates it did so auto-reversing back to null/plain instead of just hanging. Thanks, josephin
Nicolas Williams
2009-Jul-27 13:55 UTC
[Lustre-devel] Kerb cross-site-forcing back clients to null/plain
On Thu, Jul 02, 2009 at 01:21:34PM -0400, Josephine Palencia wrote:> Is there/can there be a mechanism by which kerb auth on the > clients both from local & different kerb realm can be forced back to > null/plain from krb5n/a/i/p if the remote site''s kerb is not > yet ready (properly configured)? > > I''d rather the filesystem continues to be mounted on the client and > indicates it did so auto-reversing back to null/plain instead of just > hanging.If a client could "force" a server to disable security features, then there''d be no real security :) If a server gives a client a choice then the client can pick from those choices, but there''s no "forcing" there. So the answer would be "no". And if the issue is that the cluster is misconfigured, well, I''d say that the configuration should be fixed. That said, we should support giving the client a choice of krb5* and null, since that is helpful during deployment. I''ll look into that, though it could well be that Lustre already supports that (I''m new to Lustre). Nico --