In working with the new idmapper, it became very apparent that
keys created from bad id mapping were very persistent and were
not easy disposed of. Unlike with rpc.idmapd, to git rid
of bad id mapping one just needed to restart the daemon.
So I've added some functionality to the nfsidmap command
that will allow admins to:
- remove all the keys on the keyring.
- remove a particular key from the keying.
The intention is to allow admins a way to clean up the id
name space when name resolution mechanisms, like NIS or LDAP,
fail and leave a large number (or small number) of id mapping
pointing to nobody.
Note, for the second patch to work, there need to be a small
kernel patch that will change the per-key permissions to
allow root to revoke them.
Version 2:
- Added the fclose() calls as requested by the code review
Version 3:
- Confined the -c flag to only remove keys from the id_resolver keyring.
Steve Dickson (2):
nfsidmap: Allow keys to be cleared from the keyring
nfsidmap: Allow a particular key to be revoked.
utils/nfsidmap/nfsidmap.c | 148 +++++++++++++++++++++++++++++++++++++++++--
utils/nfsidmap/nfsidmap.man | 25 +++++++-
2 files changed, 167 insertions(+), 6 deletions(-)
--
1.7.7
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
