[Lustre-discuss] Lustre kerberos credentials not looking at $KRB5CCNAME
Nicolas Williams
Nicolas.Williams at sun.com
Thu Jul 23 16:09:54 PDT 2009
On Thu, Jul 23, 2009 at 07:06:01PM -0400, Josephine Palencia wrote:
> Lustre kerberos does not look at $KRB5CCNAME. It assumes that your
> kerberos ccache is /etc/krb5cc_N. This problem affects system which
> uses kerberos toauthenticate logins. The system complains with a log
> error saying that it cannot find a ccache and the user cannot
> accessthe lustre filsystem (permission denied with df or any attempts
> for IO).
Kernel code can't look at user-land environment variables.
On a kernel with keyrings and recent MIT krb5 code the correct behavior
should be that the system finds and uses the ccache named in the
process' keyring for krb5.
> The ideal solution is for lustre kerberos to have something similar to
> "afslog" which will look at $KRB5CCNAME and put lustre credentials
> somewhere where the system can find them.
OpenAFS now does more or less what I mention above. I'm new to Lustre,
but I'll take a look and see what's wron with what Lustre's doing.
Nico
--
More information about the lustre-discuss
mailing list