On 11/23/2011 10:24 AM, Steve Dickson wrote: > In working with the new idmapper, it became very apparent that > keys created from bad id mapping were very persistent and were > not easy disposed of. Unlike with rpc.idmapd, to git rid > of bad id mapping one just needed to restart the daemon. > > So I've added some functionality to the nfsidmap command > that will allow admins to: > > - remove all the keys on the keyring. > - remove a particular key from the keying. > > The intention is to allow admins a way to clean up the id > name space when name resolution mechanisms, like NIS or LDAP, > fail and leave a large number (or small number) of id mapping > pointing to nobody. > > Note, for the second patch to work, there need to be a small > kernel patch that will change the per-key permissions to > allow root to revoke them. > > Version 2: > - Added the fclose() calls as requested by the code review > Version 3: > - Confined the -c flag to only remove keys from the id_resolver keyring. Committed... steved. > > Steve Dickson (2): > nfsidmap: Allow keys to be cleared from the keyring > nfsidmap: Allow a particular key to be revoked. > > utils/nfsidmap/nfsidmap.c | 148 +++++++++++++++++++++++++++++++++++++++++-- > utils/nfsidmap/nfsidmap.man | 25 +++++++- > 2 files changed, 167 insertions(+), 6 deletions(-) > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
