Whamcloud - gitweb
LU-17714 gss: support revoked session keyring
In case the session keyring for a regular user has been revoked, the
key ends up being linked to the user session keyring. So we must
detect this case and properly unlink the key from the correct keyring.
This applies to the initial key creation workflow, as well as to the
explicit context flush ('lfs flushctx').
Add sanity-krb5 test_10 to exercise this capability.
Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: If96703a2de9a4172613bfbd96e7529b16169cf58
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55627
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>