Re: [NFS] NFS/krb and batch jobs - doable?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 14 Oct 2009 10:00:59 -0700
raini@xxxxxxxxxxxx wrote:

> > On Tue, 13 Oct 2009 08:59:29 -0700
> > raini@xxxxxxxxxxxx wrote:
> >
> >> > You and Kevin are correct. rpc.gssd only looks at the mtime. When I
> >> did
> >> > the work to allow the CIFS SPNGEO upcall to find alternate credcaches,
> >> > I implemented the behavior I described (prefer the latest TGT
> >> > expiration) -- sorry for the confusion...
> >> >
> >> > It probably wouldn't be too hard to change rpc.gssd to prefer
> >> > credcaches with the latest TGT expiration if it was considered a
> >> > desirable change.
> >> >
> >> > Kevin, any thoughts?
> >>
> >> This would be a big plus from me - I still wouldn't be able to create
> >> per-job ccaches of course, but if a user who knew they needed to run a
> >> job
> >> could create a long lifetime renewable ticket in
> >> /tmp/krb5cc_<uid>_batch,
> >> say, and NFS would use this in preference to a later login ticket, this
> >> would really help.
> >
> > Ok, here's a proposed patch...only compile-tested so far. I don't have
> > time at the moment to test it more extensively so if you could test it
> > out and report back, that would be helpful.
> 
> Thanks Jeff - this looks extremely useful, caveat my other comment (and
> perhaps lack of understanding) on the list today about what's happened in
> recent nfs-utils which I'd like to clarify.
> 
> I may have trouble testing this in the short term as I'm largely bound to
> production environments - but will get to back to you if I can.
> 

Actually...I'm not convinced that it is that useful. As Trond pointed
out, when the credentials expire, the kernel should upcall for new
creds. As long as there is a valid TGT in a credcache for that user
somewhere then it should just pick up that one and keep humming along.
If that's not working for some reason then that's likely a bug.

-- 
Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux