git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 13 Jun 2024 09:19:04 +0000 (11:19 +0200)
committer	Andreas Dilger <adilger@whamcloud.com>
	Wed, 3 Jul 2024 04:34:08 +0000 (04:34 +0000)
commit	ce37e711e76b16f3ad978dfe88f2263f227da99d
tree	c09da0c4b60f1e2e54a8e65052261546bd3b980f	tree \| snapshot
parent	e35bb6cfb3e89fb315efa82183176ce3740d97da	commit \| diff

LU-17940 gss: get rid of root key sooner

The root key associated with a GSS context (gck_key) is used to pass
information between kernel and userspace during GSS context
negotiation.
Once the GSS context for root is up-to-date, the key is never used
again, although it has a permanent validity. And when the context
expires, the key is directly revoked and replaced with a new one to
serve the negotiation of a new root context.
So to avoid issues with keys staying in the root's kernel keyring and
being accidentally revoked, just get rid of the key associated with a
root context as soon as the negotiation process has finished.

Lustre-change: https://review.whamcloud.com/55406
Lustre-commit: bffafaa5273109cea0e3b2a15d7a0b7ae965daa8

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4be773723b9046ed451684bd141d5ef2bc584bfb
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/55528
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>