1 .TH lgss_sk 8 "2016 Jan 12" Lustre "configuration utilities"
3 lgss_sk \- Lustre GSS Shared-Key tool
5 .B "lgss_sk [OPTIONS] -r <keyfile> | -w <keyfile> | -m <keyfile> | -l <keyfile>"
9 can be used to read, write, modify, and load the contents of a shared-key keyfile.
12 accepts the following options:
14 .I "-l, --load <keyfile>"
15 Load key from file into user's session keyring.
17 .I "-m, --modify <keyfile>"
18 Modify a file's key attributes.
20 .I "-r, --read <keyfile>"
21 Show file's key attributes.
23 .I "-w, --write <keyfile>"
28 .I "-t, --type <type>"
29 Key type (mgs, server, client).
33 .I "-c, --crypt <num>"
34 Cipher for encryption (Default: AES-256-CTR)
40 Hash alg for HMAC (Default: SHA256)
47 .I "-e, --expire <num>"
48 Seconds before contexts from key expire (Default: 604800 seconds).
50 .I "-f, --fsname <name>"
51 File system name for key.
53 .I "-g, --mgsnids <nids>"
54 Comma seperated list of MGS NIDs. Only required when mgssec is used (Default: "").
56 .I "-n, --nodemap <name>"
57 Nodemap name for key (Default: "default").
59 .I "-s, --session <len>"
60 Session key length in bits (Default: 1024).
62 .I "-k, --shared <len>"
63 Shared key length in bits (Default: 256).
65 .I "-d, --data <file>"
66 Shared key entopy data source (default: /dev/random). It is possible to
67 use /dev/urandom for testing, but this may provide less security in some
68 cases. You may need to press keys on the keyboard or move the mouse
69 (if directly attached to the system) or cause disk IO (if system is remote),
70 in order to generate entropy for the key if there is not a hardware random
71 number generator on the system.
76 Increase verbosity for errors.
78 Write a key for file system 'tank' for a client in the biology nodemap:
81 [root@server ~]# lgss_sk -f tank -n biology -w tank.biology.key
84 Add MGS NIDs to existing key:
87 [root@server ~]# lgss_sk -g 192.168.1.101@tcp,10.10.0.101@o2ib \\
94 [root@server ~]# lgss_sk -r tank.biology.key
97 Crypt alg: AES-256-CTR
98 Ctx Expiration: 2147483647 seconds
99 Shared keylen: 256 bits
100 Session keylen: 1024 bits
102 MGS NIDs: 192.168.1.101@tcp 10.10.0.101@o2ib
103 Nodemap name: biology
105 0000: e486 65a8 b0d6 a8bc 17c4 8316 7f5a 701d ..e..........Zp.
106 0010: 5d6a 7b42 ed35 49cf 5ae9 0638 b12d e3d6 ]j{B.5I.Z..8.-..