All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jeremy Filizetti <jeremy.filizetti@gmail.com>
To: lustre-devel@lists.lustre.org
Subject: [lustre-devel] Fwd: proposed version change for PTLRPC GSS
Date: Tue, 24 Mar 2015 16:15:25 -0400	[thread overview]
Message-ID: <CAC2+cFip2cDfT1xAKvo+QKEr2oVnx0iQxTC8D1vDMNXyDtY-pQ@mail.gmail.com> (raw)
In-Reply-To: <CAC2+cFgRWEEALvwhOiSdhiapkvE=VeeiZ_KeNihud0bxN8y2ew@mail.gmail.com>

I'm sending to lustre-devel for wider distribution/comment.

---------- Forwarded message ----------
From: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Date: Mon, Mar 23, 2015 at 9:34 PM
Subject: proposed version change for PTLRPC GSS
To: "iudev at lists.opensfs.org" <iudev@lists.opensfs.org>


On the phone call last week we discussed an increment of the
PTLRPC_GSS_VERSION to version 2 to allow some changes
changes/restructuring.  No one had any objections on the phone call but I
wanted to send it out for wider distribution and feedback.

Changing the request format would allow us to support larger GSS token
sizes which today are limited (see ticket LU-3855).   From what I have
looked through so far the following seems to allow for larger tokens and
also allow some of these changes without having to worry about backwards
compatibility since it was never really "working" anyways.

Change PTLRPC_GSS_VERSION to 2

Enlarge GSS_CTX_INIT_MAX_LEN to something larger then 1024.   Ideally we
would support MaxTokenSize of 64k for the largest active directory ticket:
(see
http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
).
The purpose of enlarging this is to support larger tokens.  The
sizeof(struct rsi) needs to remain under PAGE_SIZE right now with
rsi_request calling sunrpc_cache_pipe_upcall.  Since there is only one
lsvcgssd process supposed to be running maybe it would be acceptable to use
larger requests and just slightly modify rsi_request to incorporate must of
the functionality of sunrpc_cache_pipe_upcall.

To keep things simple with the lsvcgssd and continue to use a single
channel proc file interface I'd like to AND the GSS subflavor onto most
significant bits of lustre_svc in struct rsi.  Instead of calling the
inappropriately named handle_nullreq things would be changed to handle the
multiple subflavors (gssnull, sk, krb5).  gssnull and sk won't have a full
userspace component so gss_accept_sec_context can't be called.

Thoughts welcome.  I'm sure I missed something along the way here but this
is just what I have looked at so far.

Thanks,
Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20150324/6879d571/attachment.htm>

       reply	other threads:[~2015-03-24 20:15 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAC2+cFgRWEEALvwhOiSdhiapkvE=VeeiZ_KeNihud0bxN8y2ew@mail.gmail.com>
2015-03-24 20:15 ` Jeremy Filizetti [this message]
     [not found] ` <55111C81.5010009@bull.net>
     [not found]   ` <D13891F9.E8187%andreas.dilger@intel.com>
2015-03-27  8:45     ` [lustre-devel] [Iudev] proposed version change for PTLRPC GSS Sebastien Buisson
2015-04-16 18:29       ` Nathan Rutman
2015-04-16 18:38         ` Sebastien Buisson
2015-04-21 19:46           ` Nathan Rutman
2015-07-09 14:06             ` Nunez, James A
2015-07-09 15:34               ` Sebastien Buisson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAC2+cFip2cDfT1xAKvo+QKEr2oVnx0iQxTC8D1vDMNXyDtY-pQ@mail.gmail.com \
    --to=jeremy.filizetti@gmail.com \
    --cc=lustre-devel@lists.lustre.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.