On 01/07/2010 09:42 AM, Jeff Layton wrote: > Currently if a krb5 context expires, GSSAPI authenticated RPC calls > start returning error (-EACCES in particular). This is bad when someone has > a long running job that's doing filesystem ops on a krb5 authenticated NFS > mount and just happens to forget to redo a 'kinit' in time. > > The existing gssd always does a downcall with a '-1' error code if there > are problems, and the kernel always ignores this error code. Begin to > fix this by having gssd distinguish between someone that has no > credcache at all, and someone who has an expired one. In the case where > there is an existing credcache, have gssd downcall with an error code of > -EKEYEXPIRED. If there's not a credcache, then downcall with an error of > -EACCES. > > We can then have the kernel use this error code to handle these > situations differently. > Committed... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
