[Lustre-devel] security: rpc message vs bulk data

Eric Mei Eric.Mei at Sun.COM
Tue Aug 5 11:12:49 PDT 2008


Currently we use different security transformation: on RPC message we 
use gssapi/kerberos; on bulk data we use separate hash + cipher 
mechanism. And to some extend the 2 parts can be configured 
independently. For example, you can use "krb5p" on RPC message while use 
some light-weight hash/cipher on bulk data for performance or whatever 

Now we're thinking about using gssapi for both RPC and bulk data. But 
this way we won't be able to configure them separately. What we're not 
sure is: is it necessary to be able to set different security level for 
RPC message and bulk data?


More information about the lustre-devel mailing list