[Lustre-discuss] Kerberos auth by lnet
Josephine Palencia
josephin at psc.edu
Thu Jul 29 14:52:40 PDT 2010
Correction:
> Problem:
> --------
> I can change all kerberos flavors modifications on default and tcp0,
> tcp21 and get indication on MDS server showing the changes ONLY for
default and tcp0 (not tcp21).
On Thu, 29 Jul 2010, Josephine Palencia wrote:
>
> Hello,
>
> I set up 3 lustre networks for the following:
>
> tcp0 for kerberized connections lustre 2.0
> tcp21 for no kerberos auth connections to lustre 2.0
> tcp18 for no kerberos auth connections to lustre 1.83
>
> Below are the kerb specifications by network:
>
> Secure RPC Config Rules:
> BEER.srpc.flavor.tcp=krb5p
> BEER.srpc.flavor.tcp21=null
> BEER.srpc.flavor.default=krb5n
>
> The name of the lustre filesystem is /beer.
>
> youngs.beer.psc.edu on tcp0
> youngs-145.beer.psc.edu on tcp21
>
> [root at youngs ~]# !lctl list_nids
> lctl list_nids list_nids
> 128.182.58.125 at tcp
> 128.182.145.125 at tcp21
>
> [root at youngs ~]# df -h
> Filesystem Size Used Avail Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
> 4.8G 2.0G 2.6G 43% /
> /dev/hda1 99M 24M 71M 25% /boot
> tmpfs 506M 0 506M 0% /dev/shm
> guinness.beer.psc.edu at tcp0:/BEER
> 99G 50G 47G 52% /beer
> guinness-145.beer.psc.edu at tcp21:/BEER
> 99G 50G 47G 52% /beer-145
>
> Problem:
> --------
> I can change all kerberos flavors modifications on default and tcp0,
> tcp21 and get indication on MDS server showing the changes.
> I don't see such confirmation for tcp21. But I can certainly mount as
> shown above. I suspect that tcp21 is defaulting to krb5p and thus
> requiring still auth for users. /beer and /beer-145 are NFS-exported to
> other systems residing in same and different kerberos realms.
> Root can access the filesystems with no problem but users require
> authentication.
>
> My modprobe is of the form
> options lnet ip2nets="tcp0(eth0) 128.182.58.*; tcp21(eth1) 128.182.145.*"
> routes="tcp0 128.182.145.121 at tcp21; tcp21 128.182.58.121 at tcp0"
>
> Question:
> --------
> What's the interoperability between lustre 2.0* and lustre 1.83?
> Officially it is not compatible and/or supported?
> But unofficially, we can try it? Or absolutely not compatible.
>
> I would appreciate any feedback/corrections.
>
> Thanks,
> josephine
>
> Reference:
> ----------
> Lustre version: 2.0.5 Alpha
> Lustre release: 1.9.280
> Kernel: 2.6.18_128.7.1
>
>
>
> _______________________________________________
> Lustre-discuss mailing list
> Lustre-discuss at lists.lustre.org
> http://lists.lustre.org/mailman/listinfo/lustre-discuss
>
More information about the lustre-discuss
mailing list