Red Hat Bugzilla – Full Text Bug Listing
|Summary:||[FEAT] NFSv3 Authorization rpcsec_gss + krb5 (cluster aware credential cache)|
|Product:||[Community] GlusterFS||Reporter:||Krishna Srinivas <ksriniva>|
|Component:||nfs||Assignee:||GlusterFS Bugs list <gluster-bugs>|
|Status:||CLOSED DEFERRED||QA Contact:|
|Version:||mainline||CC:||aavati, aneil2, bugs, gluster-bugs, ndevos, rmainz, rwheeler|
|Fixed In Version:||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|:||864864 (view as bug list)||Environment:|
|Last Closed:||2014-10-25 13:29:34 EDT||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||852953, 854182, 864864|
Description Krishna Srinivas 2012-08-13 03:29:52 EDT
Support for rpcsec_gss + krb5 based authentication for NFSv3.
Comment 1 Anand Avati 2012-08-30 01:32:00 EDT
We should not target this specifically for NFSv3. Introducing this auth mode should be usable in RPC between protocol client/server - specifically for usage with gfapi.
Comment 3 Niels de Vos 2014-10-25 13:29:34 EDT
This will be supported when nfs-ganesha is used in combination with Gluster. There currently is no intention to add support for rpcsec_gss/krb5 to Gluster/NFS.
Comment 4 Alastair Neil 2014-10-25 16:30:00 EDT
sorry does this mean there is no intention to provide secure rpc to gluster sharing at all except through third party layers?
Comment 5 Niels de Vos 2014-10-26 05:33:38 EDT
(In reply to Alastair Neil from comment #4) > sorry does this mean there is no intention to provide secure rpc to gluster > sharing at all except through third party layers? This bug/feature was for signed/encrypted support for NFSv3, for which we currently do not have a plan to add. nfs-ganesha is a very feature complete NFS-server and will get more attention to improve support for Gluster. There is support for SSL encrypted communication between clients and servers (see bug 1114604 for more details). I think a feature request for krb5 signed/encrypted GlusterFS communication would make sense and could get accepted. There does not seem to be such a request yet (or at least I can not find it), so you may want to file a new bug for it against the rpc component: - https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS&component=rpc