[PATCH 11/28] Add new pipefs file indicating which Kerberos enctypes the kernel supports
Trond Myklebust
Trond.Myklebust at netapp.com
Mon Mar 31 17:55:13 EDT 2008
On Mon, 2008-03-31 at 17:42 -0400, J. Bruce Fields wrote:
> On Mon, Mar 31, 2008 at 10:31:49AM -0400, Kevin Coffman wrote:
> > New file, krb5_info, indicates which Kerberos encryption types are
> > supported by the kernel rpcsecgss code. This is used by gssd to
> > determine which encryption types it should attempt to negotiate
> > when creating a context with a server.
> >
> > The server principal's database and keytab encryption types are
> > what limits what it should negotiate. Therefore, its keytab
> > should be created with only the enctypes listed by this file.
>
> OK, the layering violations in the current implementation aside, Trond,
> do we want this sort of information in a krb5_info file in rpc_pipefs,
> or is this another thing that should go into the upcall?
I'm not overly fond of having Krb-specific stuff in the generic
rpc_pipefs code. The correct way to deal with this seems to be either to
put it in the upcall, as you suggest, or to give the rpcsec layer the
ability to create and manage this info file.
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust at netapp.com
www.netapp.com
More information about the NFSv4
mailing list