[Bugs] [Bug 1180056] New: Implement AUTH_SHORT to improve credential/group caching on the bricks
bugzilla at redhat.com
Thu Jan 8 09:13:19 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1180056
Bug ID: 1180056
Summary: Implement AUTH_SHORT to improve credential/group caching on the bricks
Product: GlusterFS
Version: mainline
Component: rpc
Keywords: FutureFeature, Triaged
Severity: medium
Priority: medium
Assignee: bugs at gluster.org
Reporter: ndevos at redhat.com
CC: bugs at gluster.org, gluster-bugs at redhat.com
When the brick process is instructed to fetch the groups of the user executing
a procedure ("server.manage-gids" volume option), the cache is only kept for a
short period ("server.gid-timeout" volume option). It would be much nicer to
have the cache associated with an AUTH_SHORT (see
http://tools.ietf.org/html/rfc5531#page-25) reference.
GlusterFS clients will then be able to receive an AUTH_SHORT reference (per
user/uid) after the first procedure, and subsequent procedures would then pass
the AUTH_SHORT reference as RPC-credential. On the server-side, the AUTH_SHORT
reference should be validated/looked-up and the frame->root->uid/gid/groups
would be set as cached.
This makes it possible to set the gid-timeout much higher than the default 5
seconds. A refresh of the AUTH_SHORT reference (and therefore gid-cache) would
happen automatically on a remount, or possibly also by a user-settable xattr.
You could call this a user-managed-credential-cache, or something.
See also:
https://lists.fedorahosted.org/pipermail/sssd-devel/2014-November/022293.html
That email mentions keeping the AUTH_SHORT credentials in sync on all the
bricks, but I do not think that is needed. But, I also do not know yet what the
best structure would be to keep this per user and per connection token.
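Added example, not part of the original report and not GlusterFS code: a minimal server-side AUTH_SHORT cache in C, showing the issue, lookup and flush steps described above. All names, the 16-byte handle size, the slot count and the choice of one cache per client connection are assumptions made for illustration; a failed lookup corresponds to the AUTH_REJECTEDCRED rejection in RFC 5531, after which the client resends full credentials.

```c
#include <stdint.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

#define SHORT_LEN  16   /* bytes of opaque AUTH_SHORT handle (assumed size) */
#define MAX_SLOTS  64   /* handles kept per connection (assumed) */
#define MAX_GROUPS 128  /* resolved groups kept per user (assumed) */

struct cred { uid_t uid; gid_t gid; int ngroups; gid_t groups[MAX_GROUPS]; };
struct slot { int used; uint8_t handle[SHORT_LEN]; struct cred cred; };
/* One cache per client connection: a handle is useless on any other connection. */
struct short_cache { struct slot slots[MAX_SLOTS]; };

/* Constant-time compare, so lookups do not leak handle bytes through timing. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* After a call with full credentials: cache the resolved groups, mint a handle. */
int short_issue(struct short_cache *c, const struct cred *cr, uint8_t out[SHORT_LEN]) {
    if (cr->ngroups < 0 || cr->ngroups > MAX_GROUPS) return -1;
    for (int i = 0; i < MAX_SLOTS; i++) {
        struct slot *s = &c->slots[i];
        if (s->used) continue;
        /* Unpredictable handle: a guessable one would let a client claim another uid. */
        if (getrandom(s->handle, SHORT_LEN, 0) != SHORT_LEN) return -1;
        s->cred = *cr;
        s->used = 1;
        memcpy(out, s->handle, SHORT_LEN);
        return 0;
    }
    return -1; /* cache full: the client simply keeps sending full credentials */
}

/* On an AUTH_SHORT call: 0 and *out filled on a hit; -1 means reject the
 * credential so the client falls back to full credentials. */
int short_lookup(const struct short_cache *c, const uint8_t *h, size_t len, struct cred *out) {
    if (len != SHORT_LEN) return -1;
    int found = -1;
    for (int i = 0; i < MAX_SLOTS; i++)   /* scan every slot, no early exit */
        if (c->slots[i].used && ct_equal(c->slots[i].handle, h, SHORT_LEN)) found = i;
    if (found < 0) return -1;
    *out = c->slots[found].cred;
    return 0;
}

/* Refresh (remount or explicit request): drop every handle on this connection. */
void short_flush(struct short_cache *c) { memset(c, 0, sizeof *c); }
```

Expiry of cached entries is left out here; with a timeout, `short_lookup` would also treat an aged-out slot as a miss.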