On May 15, 2013, at 1:48 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > On Wed, May 15, 2013 at 01:42:58PM -0400, Chuck Lever wrote: >> >> On May 15, 2013, at 1:39 PM, "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote: >> >>> By the way, have you looked at SP4_MACH_CRED at all yet? It's a >>> selfish question (I could use something to test against), but I >>> think it's also what you want if you want krb5i-protected 4.1 state. >> >> I asked about that recently and was told SP4_MACH_CRED was going the >> way of the do do > > Do you remember who said that? Is the discussion on line somewhere? No, I mis-remembered. I was thinking of SP4_SSV. > >> (or did I misunderstand the response from the floor?). >> >> I'm certainly open to exploring other solutions, but I do want to be >> practical about it. Will it be supported on other servers besides >> Linux? Does SP4_MACH_CRED help for NFSv4.0? > > I haven't tested other servers. It's a 4.1-only feature. SP4_MACH_CRED for 4.1 appears useful, but I think we would need to consider: o whether SP4_MACH_CRED is a broadly implemented feature where Linux clients can rely on it being there in typical environments o how to address the "no keytab" issue for NFSv4.0, which does not have SP4_MACH_CRED (that I am aware of) Andy is probably more interested in seeing SP4_MACH_CRED implemented in the Linux client, as it is one solution for the "user cred expired while there is still dirty data in the client's page cache" problem, I think. -- Chuck Lever chuck[dot]lever[at]oracle[dot]com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html