Hi Chuck, I'm not convinced that "srchost=" is necessary. I believe that everything that is needed is suppose to be encoded in the "target=" option. I thought target just needed to correctly identify the domain for which authentication is taking place. Then I think more changes should be in nfs-utils to make sure that we find credentials for that particular domain instead of going by the gethostbyname() results. On Fri, May 18, 2018 at 11:39 AM, Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > I've been experimenting with this series that modifies NFSD to > discover and use the correct GSS service principal when constructing > its NFSv4.0 callback channels. I'm interested in review of this > approach. There are a couple of code comments marked with XXX that > also need some attention. > > The rpc.gssd change mentioned in 1/4 is unremarkable and will be > made available once there is consensus about the kernel changes > in this series. No gssproxy changes are necessary. > > --- > > Chuck Lever (4): > sunrpc: Enable the kernel to specify the hostname part of service principals > sunrpc: Extract target name into svc_cred > nfsd: Use correct credential for NFSv4.0 callback with GSS > nfsd: Remove callback_cred > > > fs/nfsd/nfs4callback.c | 29 ++++---------- > fs/nfsd/nfs4state.c | 17 +++----- > fs/nfsd/state.h | 2 - > include/linux/sunrpc/svcauth.h | 3 + > net/sunrpc/auth_gss/auth_gss.c | 20 ++++++++-- > net/sunrpc/auth_gss/gss_rpc_upcall.c | 70 ++++++++++++++++++++++------------ > 6 files changed, 80 insertions(+), 61 deletions(-) > > -- > Chuck Lever > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
