In working with the new idmapper, it became very apparent that
keys created from bad id mapping were very persistent and were
not easy disposed of. Unlike with rpc.idmapd, to git rid
of bad id mapping one just needed to restart the daemon.
So I've added some functionality to the nfsidmap command
that will allow admins to:
- remove all the keys on the keyring.
- remove a particular key from the keying.
The intention is to allow admins a way to clean up the id
name space when name resolution mechanisms, like NIS or LDAP,
fail and leave a large number (or small number) of id mapping
pointing to nobody.
Note, for the second patch to work, there need to be a small
kernel patch that will change the per-key permissions to
allow root to revoke them.
Steve Dickson (2):
nfsidmap: Allow all keys to clear on the keyring
nfsidmap: Allow a particular key to be revoked.
utils/nfsidmap/nfsidmap.c | 138 +++++++++++++++++++++++++++++++++++++++++--
utils/nfsidmap/nfsidmap.man | 27 ++++++++-
2 files changed, 159 insertions(+), 6 deletions(-)
--
1.7.7
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
