[lustre-discuss] restrict client access to lustre
Dilger, Andreas
andreas.dilger at intel.com
Sat Feb 3 00:37:45 PST 2018
On Jan 30, 2018, at 01:39, Ekaterina Popova <Ekaterina.Popova at ihep.ru> wrote:
>
> Hello!
>
> I would be very appreciated if you cleared things up to me.
>
> If we use NFS we can export policies to restrict NFS access to volumes to clients that match specific parameters. Can I do it on Lustre? Are there any built-in mechanisms in Lustre filesystem for client access restriction?
>
> Thank you very much for your assistance in advance!
Since Lustre 2.9 it is possible to use the "nodemap" feature to limit
the access client nodes with specific NIDs.
If you want stronger authentication than just the client addresses,
then you can also use Shared Secret Key or Kerberos to identify the
clients from their crypto key or Kerberos ticket. Unidentified clients
can be blocked from accessing the filesystem.
Cheers, Andreas
--
Andreas Dilger
Lustre Principal Architect
Intel Corporation
More information about the lustre-discuss
mailing list