[lustre-discuss] restrict client access to lustre

Dilger, Andreas andreas.dilger at intel.com
Sat Feb 3 00:37:45 PST 2018

On Jan 30, 2018, at 01:39, Ekaterina Popova <Ekaterina.Popova at ihep.ru> wrote:
> Hello!
> I would be very appreciated if you cleared things up to me.
> If we use NFS we can export policies to restrict NFS access to volumes to clients that match specific parameters. Can I do it on Lustre? Are there any built-in mechanisms in Lustre filesystem for client access restriction?
> Thank you very much for your assistance in advance!

Since Lustre 2.9 it is possible to use the "nodemap" feature to limit
the access client nodes with specific NIDs.

If you want stronger authentication than just the client addresses,
then you can also use Shared Secret Key or Kerberos to identify the
clients from their crypto key or Kerberos ticket.  Unidentified clients
can be blocked from accessing the filesystem.

Cheers, Andreas
Andreas Dilger
Lustre Principal Architect
Intel Corporation

More information about the lustre-discuss mailing list