Kerberos+NFS4

Thomas Krauss - ITServ GmbH thomas.krauss at itserv.de
Thu Aug 1 09:58:09 EDT 2013


You may want to configure a different timeout for the contexts in your gssd config.

My experience is that a context remains in the kernel for about an hour after the user`s cache has

been destroyed. 

It is possible to reduce that to a second by

 
/etc/sysconfig/nfs

RPCGSSDARGS="-vvv -t 1"

 
in Redhat. 

If you take a look into the logs and notice the processing going on you will soon conclude

that a second is not ideal. 

I currently use 600s as a compromise between transparency from user space and additional overhead.

 
Hth


Tom
 
-----Original message-----
From:Simo Sorce <simo at redhat.com>
Sent:Wed 31-07-2013 17:43
Subject:Re: Kerberos+NFS4
To:Daniel Kahn Gillmor <dkg at fifthhorseman.net>; 
CC:kerberos at mit.edu; 
On Wed, 2013-07-31 at 11:07 -0400, Daniel Kahn Gillmor wrote:
> On 07/31/2013 08:14 AM, Simo Sorce wrote:
> > On Wed, 2013-07-31 at 13:15 +0200, Andreas Hauffe wrote:
> >> Do you now if there is a way to clear the cache at least at a logout of the 
> >> user?
> > 
> > No there isn't at this time, we have been thinking for a while about how
> > to connect a kdestroy with the kernel removing the context but there is
> > no mechanism yet built in the system to reliably communicate such an
> > event to the kernel.
> 
> Sorry if this is a simple question: If there is no way to remove the
> contexts, is there a standard way to enumerate the set of active
> contexts within the kernel, their durations, and the principals involved?

not that I know of, but haven't really develed deep on what kind of
information is exposed via the proc or sysfs interface.

You'll have better luck asking this kind of questions on the linux-nfs
mailing list I think.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


--
Angaben gemäß §35a GmbH-Gesetz:
ITServ GmbH
Sitz der Gesellschaft: 55294 Bodenheim/Rhein
Eingetragen unter Registernummer HRB 41668 beim Amtsgericht Mainz
Vertretungsberechtiger Geschäftsführer: Peter Bauer, 55294 Bodenheim
Umsatzsteuer-ID: DE182270475



More information about the Kerberos mailing list