On Tue, 2012-04-17 at 09:39 -0400, Simo Sorce wrote:
> This patchset implements a new upcall mechanism that uses the sunrpc client
> to talk to gssproxy[1], a new userspace daemon to handle gssapi operations on
> behalf of other processes on the system.
>
> The main driver for this new mechanism is to overcome limitations with the
> current daemon and upcall. The current code cannot handle tickets larger than
> approximately 2k and cannot handle large user credentials set to be set in
> the kernel.
>
> These patches have been tested against the development version of gssproxy
> tagged as kernel_v0.1 in the master repo[2].
>
> I have tested walking into mountpoints using tickets artificially pumped up to
> 64k and the user is properly authorized, after the accept_se_context call is
> performed through the new upcall mechanism and gssproxy.
>
> The gssproxy has the potential of handling also init_sec_context calls, but at
> the moment the only targeted system is nfsd.

Sorry, forgot to add the [1] and [2] references before sending, here they
are:

[1] https://fedorahosted.org/gss-proxy/
[2] http://git.fedorahosted.org/git/?p=gss-proxy.git

Simo.

--
Simo Sorce * Red Hat, Inc * New York