git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Fri, 20 Oct 2023 08:27:14 +0000 (10:27 +0200)
committer	Andreas Dilger <adilger@whamcloud.com>
	Wed, 14 Feb 2024 19:18:52 +0000 (19:18 +0000)
commit	eef24d8a97b4697f90598f849801a4d35a9a8f68
tree	b7676feaf1bb9ef397fe5b3ee217f4b62a137de5	tree \| snapshot
parent	3a1c8669452edfa03e3f4e1ca5e0625de70c093b	commit \| diff

LU-17173 gss: user keys go to user keyring

Keys for root, that are used for Lustre internal processing, are
stored in the session keyring. That way they can be found by all
Lustre processes in userspace and in the kernel.
For end user keys, it is better to store them in the user keyring.
This simplifies key management, makes them shared accross all user
sessions, and avoids unfortunate key leak if lfs flushctx is not
called at user logout.

Lustre-change: https://review.whamcloud.com/52771
Lustre-commit: 02b456e4a445b9503b044df30932cc0fb5021f49

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ibb3d326e89dcacc89e77eca76cdb773861d3a8a7
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/53908
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Andreas Dilger <adilger@whamcloud.com>

libcfs/autoconf/lustre-libcfs.m4		diff \| blob \| history
lustre/ptlrpc/gss/gss_keyring.c		diff \| blob \| history
lustre/ptlrpc/sec_lproc.c		diff \| blob \| history
lustre/tests/sanity-krb5.sh		diff \| blob \| history
lustre/utils/gss/lgss_keyring.c		diff \| blob \| history
lustre/utils/gss/lgss_krb5_utils.c		diff \| blob \| history
lustre/utils/gss/lgss_utils.c		diff \| blob \| history
lustre/utils/gss/lgss_utils.h		diff \| blob \| history