roundup gss credential timeout down to avoid expiration between accept &
authorericm <ericm>
Mon, 19 Sep 2005 07:11:07 +0000 (07:11 +0000)
committerericm <ericm>
Mon, 19 Sep 2005 07:11:07 +0000 (07:11 +0000)
authorize on server, or check & encrypt rpc on client.

lustre/sec/gss/gss_internal.h
lustre/sec/gss/sec_gss.c
lustre/sec/gss/svcsec_gss.c

index f659940..82f932d 100644 (file)
@@ -212,6 +212,20 @@ struct gss_cred {
 /* This is too coarse. We'll let mech determine it */
 #define GSS_MAX_AUTH_PAYLOAD    (128)
 
+/* FIXME we'd better make it expire sooner than it really is, since
+ * there's chance it might get expire between the last check and
+ * encrypt rpc. but the time between check & encrypt is not so certain.
+ */
+static inline
+unsigned long gss_roundup_expire_time(__u64 expiry)
+{
+        unsigned long cur = get_seconds();
+
+        if (expiry >= cur + obd_timeout)
+                return (unsigned long) expiry - obd_timeout;
+        return (unsigned long) expiry;
+}
+
 /* gss_mech_switch.c */
 int init_kerberos_module(void);
 void cleanup_kerberos_module(void);
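Review bot: A context with less than obd_timeout seconds left gets no safety margin from gss_roundup_expire_time(): the fall-through `return (unsigned long) expiry;` hands back the real expiry, so the check-then-encrypt race described in the FIXME stays open for exactly the contexts closest to expiring. The name says "roundup" while the body subtracts, which is easy to misread at call sites; a header comment such as `/* Return expiry minus obd_timeout when at least that much lifetime remains, otherwise expiry unchanged (no margin applied). */` would state the contract. The `(unsigned long)` cast also narrows the __u64 on 32-bit builds after the comparison has been made at 64 bits, so an out-of-range expiry would compare as large and be stored as small; a range check or a comment on the assumed range would help.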
index 33b4291..bdd6232 100644 (file)
@@ -578,7 +578,7 @@ void gss_cred_set_ctx(struct ptlrpc_cred *cred, struct gss_cl_ctx *ctx)
                 CERROR("unable to get expire time\n");
                 ctx_expiry = 1; /* make it expired now */
         }
-        cred->pc_expire = (unsigned long) ctx_expiry;
+        cred->pc_expire = gss_roundup_expire_time(ctx_expiry);
 
         write_lock(&gss_ctx_lock);
         old = gcred->gc_ctx;
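Review bot: The error path just above sets `ctx_expiry = 1` to force immediate expiry, and that now depends on gss_roundup_expire_time() returning small values untouched rather than on a plain cast. This holds with the helper as added in gss_internal.h, but nothing at this call site says so. A comment like `/* 1 is below cur + obd_timeout, so the helper returns it unchanged and the cred is expired at once */` would keep a later change to the helper from silently extending the lifetime of a context whose expiry could not be read. gss_cred_set_ctx() starts and ends outside the hunk.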
index a0e0f2a..cb5d8f1 100644 (file)
@@ -591,7 +591,7 @@ static int rsc_parse(struct cache_detail *cd,
                         kgss_mech_put(gm);
                         goto out;
                 }
-                expiry = (time_t) ((__u32) ctx_expiry);
+                expiry = (time_t) gss_roundup_expire_time(ctx_expiry);
 
                 kgss_mech_put(gm);
         }
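Review bot: The server now shortens its cached context lifetime by the same obd_timeout the client subtracts in gss_cred_set_ctx(), so both ends stop honouring the context at about the same instant. An RPC the client protects just before its own cutoff can then reach the server after the entry has expired, and clock skew between nodes widens that window; if the server is meant to outlive the client, it would need a smaller margin than the client. This is inferred from the two call sites, since how `expiry` is consumed lies outside the hunk. The old line clipped ctx_expiry through `(__u32)`, while the new one passes it through `unsigned long` into `time_t`, so on 64-bit builds a value above the 32-bit range is no longer truncated and could become a negative or far-future time_t; an explicit bound or a comment on the accepted range is worth adding. rsc_parse() starts and ends outside the hunk.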