LU-17173 gss: user keys go to user keyring 71/52771/14
author Sebastien Buisson <sbuisson@ddn.com>
Fri, 20 Oct 2023 08:27:14 +0000 (10:27 +0200)
committer Oleg Drokin <green@whamcloud.com>
Sun, 4 Feb 2024 08:27:45 +0000 (08:27 +0000)
commit 02b456e4a445b9503b044df30932cc0fb5021f49
tree 5d22c4ebda48caca71a5f0404ce797c34a4b34c8
parent 291ac6e6925e3bdf31f527de2bedf5f19706b230
LU-17173 gss: user keys go to user keyring

Keys for root, that are used for Lustre internal processing, are
stored in the session keyring. That way they can be found by all
Lustre processes in userspace and in the kernel.
For end user keys, it is better to store them in the user keyring.
This simplifies key management, makes them shared across all user
sessions, and avoids an unfortunate key leak if lfs flushctx is not
called at user logout.

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ibb3d326e89dcacc89e77eca76cdb773861d3a8a7
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/52771
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
libcfs/autoconf/lustre-libcfs.m4
lustre/ptlrpc/gss/gss_keyring.c
lustre/ptlrpc/sec_lproc.c
lustre/tests/sanity-krb5.sh
lustre/utils/gss/lgss_keyring.c
lustre/utils/gss/lgss_krb5_utils.c
lustre/utils/gss/lgss_utils.c
lustre/utils/gss/lgss_utils.h