git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Fri, 5 Jul 2024 14:51:44 +0000 (16:51 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Wed, 31 Jul 2024 16:03:20 +0000 (16:03 +0000)
commit	02a3973af6ea048f5f697400a3fc3740520acd36
tree	fc1c747979ec7cd4b36ab2ba7b23e421aaaa64bc	tree \| snapshot
parent	aea9738642fc31b05c405f22fef7234f78f31d8e	commit \| diff

LU-18005 gss: allow regular users to authenticate on MGS

It can be useful for regular users to be able to authenticate against
the MGS, for instance to run 'lfs check mgts'.
Just allow this type of authentication request in the code, and take
into account the MGC export when doing 'lfs flushctx', so that any
user key associated with the MGS gets flushed as well.

Add sanity-krb5 test_152 to exercise this capability.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4871b4ed61af918644e11d64ef5750a858713323
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55640
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/llite/llite_lib.c		diff \| blob \| history
lustre/mgc/mgc_request.c		diff \| blob \| history
lustre/ptlrpc/gss/gss_svc_upcall.c		diff \| blob \| history
lustre/ptlrpc/gss/sec_gss.c		diff \| blob \| history
lustre/ptlrpc/sec.c		diff \| blob \| history
lustre/tests/sanity-krb5.sh		diff \| blob \| history
lustre/utils/gss/svcgssd_proc.c		diff \| blob \| history