Bug 847620

Summary: [FEAT] NFSv3 Authorization rpcsec_gss + krb5 (cluster aware credential cache)
Product: [Community] GlusterFS Reporter: Krishna Srinivas <ksriniva>
Component: nfsAssignee: GlusterFS Bugs list <gluster-bugs>
Status: CLOSED DEFERRED QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: mainlineCC: aavati, aneil2, bugs, gluster-bugs, ndevos, rmainz, rwheeler
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 864864 (view as bug list) Environment:
Last Closed: 2014-10-25 13:29:34 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 852953, 854182, 864864    

Description Krishna Srinivas 2012-08-13 03:29:52 EDT
Support for rpcsec_gss + krb5 based authentication for NFSv3.
Comment 1 Anand Avati 2012-08-30 01:32:00 EDT
We should not target this specifically for NFSv3. Introducing this auth mode should be usable in RPC between protocol client/server - specifically for usage with gfapi.
Comment 3 Niels de Vos 2014-10-25 13:29:34 EDT
This will be supported when nfs-ganesha is used in combination with Gluster. There currently is no intention to add support for rpcsec_gss/krb5 to Gluster/NFS.
Comment 4 Alastair Neil 2014-10-25 16:30:00 EDT
sorry does this mean there is no intention to provide secure rpc to gluster sharing at all except through third party layers?
Comment 5 Niels de Vos 2014-10-26 05:33:38 EDT
(In reply to Alastair Neil from comment #4)
> sorry does this mean there is no intention to provide secure rpc to gluster
> sharing at all except through third party layers?

This bug/feature was for signed/encrypted support for NFSv3, for which we currently do not have a plan to add. nfs-ganesha is a very feature complete NFS-server and will get more attention to improve support for Gluster.

There is support for SSL encrypted communication between clients and servers (see bug 1114604 for more details). I think a feature request for krb5 signed/encrypted GlusterFS communication would make sense and could get accepted. There does not seem to be such a request yet (or at least I can not find it), so you may want to file a new bug for it against the rpc component:
- https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS&component=rpc