On May 15, 2013, at 1:48 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> On Wed, May 15, 2013 at 01:42:58PM -0400, Chuck Lever wrote:
>>
>> On May 15, 2013, at 1:39 PM, "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote:
>>
>>> By the way, have you looked at SP4_MACH_CRED at all yet? It's a
>>> selfish question (I could use something to test against), but I
>>> think it's also what you want if you want krb5i-protected 4.1 state.
>>
>> I asked about that recently and was told SP4_MACH_CRED was going the
>> way of the do do
>
> Do you remember who said that? Is the discussion on line somewhere?
No, I mis-remembered. I was thinking of SP4_SSV.
>
>> (or did I misunderstand the response from the floor?).
>>
>> I'm certainly open to exploring other solutions, but I do want to be
>> practical about it. Will it be supported on other servers besides
>> Linux? Does SP4_MACH_CRED help for NFSv4.0?
>
> I haven't tested other servers. It's a 4.1-only feature.
SP4_MACH_CRED for 4.1 appears useful, but I think we would need to consider:
o whether SP4_MACH_CRED is a broadly implemented feature where Linux
clients can rely on it being there in typical environments
o how to address the "no keytab" issue for NFSv4.0, which does not
have SP4_MACH_CRED (that I am aware of)
Andy is probably more interested in seeing SP4_MACH_CRED implemented in the Linux client, as it is one solution for the "user cred expired while there is still dirty data in the client's page cache" problem, I think.
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
