Bug 847620
| Summary: | [FEAT] NFSv3 Authorization rpcsec_gss + krb5 (cluster aware credential cache) | |||
|---|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Krishna Srinivas <ksriniva> | |
| Component: | nfs | Assignee: | GlusterFS Bugs list <gluster-bugs> | |
| Status: | CLOSED DEFERRED | QA Contact: | ||
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | mainline | CC: | aavati, aneil2, bugs, gluster-bugs, ndevos, rmainz, rwheeler | |
| Target Milestone: | --- | Keywords: | FutureFeature | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Enhancement | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 864864 (view as bug list) | Environment: | ||
| Last Closed: | 2014-10-25 17:29:34 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 852953, 854182, 864864 | |||
|
Description
Krishna Srinivas
2012-08-13 07:29:52 UTC
We should not target this specifically for NFSv3. Introducing this auth mode should be usable in RPC between protocol client/server - specifically for usage with gfapi. This will be supported when nfs-ganesha is used in combination with Gluster. There currently is no intention to add support for rpcsec_gss/krb5 to Gluster/NFS. sorry does this mean there is no intention to provide secure rpc to gluster sharing at all except through third party layers? (In reply to Alastair Neil from comment #4) > sorry does this mean there is no intention to provide secure rpc to gluster > sharing at all except through third party layers? This bug/feature was for signed/encrypted support for NFSv3, for which we currently do not have a plan to add. nfs-ganesha is a very feature complete NFS-server and will get more attention to improve support for Gluster. There is support for SSL encrypted communication between clients and servers (see bug 1114604 for more details). I think a feature request for krb5 signed/encrypted GlusterFS communication would make sense and could get accepted. There does not seem to be such a request yet (or at least I can not find it), so you may want to file a new bug for it against the rpc component: - https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS&component=rpc |