On Fri, 2018-05-18 at 14:53 -0400, Olga Kornievskaia wrote: > Hi Chuck, > > I'm not convinced that "srchost=" is necessary. I believe that > everything that is needed is suppose to be encoded in the "target=" > option. > > I thought target just needed to correctly identify the domain for > which authentication is taking place. Then I think more changes should > be in nfs-utils to make sure that we find credentials for that > particular domain instead of going by the gethostbyname() results. What do you mean by "domain" here? Realm or hostname ? What if the multihomed service is part of multiple realms and even serves with multiple different hostnames ? Simo. > > On Fri, May 18, 2018 at 11:39 AM, Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > > I've been experimenting with this series that modifies NFSD to > > discover and use the correct GSS service principal when constructing > > its NFSv4.0 callback channels. I'm interested in review of this > > approach. There are a couple of code comments marked with XXX that > > also need some attention. > > > > The rpc.gssd change mentioned in 1/4 is unremarkable and will be > > made available once there is consensus about the kernel changes > > in this series. No gssproxy changes are necessary. > > > > --- > > > > Chuck Lever (4): > > sunrpc: Enable the kernel to specify the hostname part of service principals > > sunrpc: Extract target name into svc_cred > > nfsd: Use correct credential for NFSv4.0 callback with GSS > > nfsd: Remove callback_cred > > > > > > fs/nfsd/nfs4callback.c | 29 ++++---------- > > fs/nfsd/nfs4state.c | 17 +++----- > > fs/nfsd/state.h | 2 - > > include/linux/sunrpc/svcauth.h | 3 + > > net/sunrpc/auth_gss/auth_gss.c | 20 ++++++++-- > > net/sunrpc/auth_gss/gss_rpc_upcall.c | 70 ++++++++++++++++++++++------------ > > 6 files changed, 80 insertions(+), 61 deletions(-) > > > > -- > > Chuck Lever > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
