[fedfs-utils] [PATCH 5/5] README: Remove warnings about fedfsd
Chuck Lever
chuck.lever at oracle.com
Wed Dec 18 09:18:10 PST 2013
rpc.fedfsd now uses an Access Control List and strong authentication
to control who can perform ADMIN operations. Security warnings
about using rpc.fedfsd are no longer needed.
Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
README | 53 ++++++++++++++++++++++-------------------------------
1 file changed, 22 insertions(+), 31 deletions(-)
diff --git a/README b/README
index d236605..31d2355 100644
--- a/README
+++ b/README
@@ -20,13 +20,6 @@ guaranteed to work. Programming, administrative, and user interfaces
may change significantly before the next release. This release is
for technology preview only.
-Warning: This package installs an externally visible RPC service that
-allows creation and deletion of directories on all areas of a fileserver.
-The security features of the FedFS ADMIN server code (RPCSEC GSSAPI)
-have not yet been implemented. Until these features are implemented,
-use careful judgement about deploying the FedFS ADMIN RPC service daemon
-on production file servers.
-
Warning: The implementation in this package is based on internet draft
standards that are still evolving. The current release of fedfs-utils
may not be compatible with the next release of this package, nor with
@@ -142,10 +135,11 @@ is available to support the use of this plug-in library.
The fedfsd program is an RPC server that allows remote administrators to
create FedFS junctions in local file systems. FedFS ADMIN requests that
-can mutate local file system state are authenticated via RPCSEC GSSAPI
-(not yet implemented). Run this program on NFS file servers that
-participate in a FedFS federation to allow the management of FedFS
-junctions on that server.
+can mutate local file system state are authenticated via RPCSEC GSSAPI.
+Run this program on NFS file servers that participate in a FedFS
+federation to allow the management of FedFS junctions on that server.
+The use of strong authentication (the Kerberos GSS mechanism) is highly
+encouraged when deploying an FedFS ADMIN server.
The command-line clients are used by FedFS adminstrators to manage the
state of the local FedFS federation. These are simple clients that
@@ -189,11 +183,10 @@ An entry for the FedFS ADMIN protocol in /etc/rpc:
fedfs_admin 100418
-The fedfsd program requires rpcbind and libtirpc. In the future, it
-will also require correctly configured RPCSEC GSSAPI on the system
-where it is running. For example, to support Kerberos authentication,
-Kerberos configuration files would have to be up to date, and a proper
-keytab must be established.
+The fedfsd program requires rpcbind and libtirpc. It requires correctly
+configured RPCSEC GSSAPI on the system where it is running. For example,
+to support Kerberos authentication, Kerberos configuration files have to
+be up to date, and a proper keytab must be established.
Distributors should provide an appropriate init script (or equivalent)
to ensure that fedfsd is started after a system boot. The contrib/
@@ -213,9 +206,9 @@ libcap is required to permit rpc.fedfsd, nsdbparams, and the junction
plug-in library to access trusted extended attributes in each file
system.
-The FedFS ADMIN clients require libtirpc. In the future, they will
-also require correctly configured RPCSEC GSSAPI (usually Kerberos is
-the preferred authentication flavor).
+The FedFS ADMIN clients require libtirpc. They also require correctly
+configured RPCSEC GSSAPI. Typically Kerberos with integrity is the
+preferred authentication flavor.
NSDB client components require LDAP libraries and support for TLS
(namely, OpenSSL).
@@ -238,18 +231,16 @@ Security considerations
The FedFS network protocols employ standard network security
mechanisms to authenticate servers and administrators. Therefore,
-packaged support for RPCSEC GSSAPI (in the future) and LDAP over TLS
-must be installed and configured correctly on the systems running
-these programs. Further discussion of installation and configuration
-of these packages is beyond the scope of this document. (To do:
-implement RPCSEC GSSAPI support).
-
-FedFS ADMIN clients contact the FedFS ADMIN server with no
-authentication today, but in the future will use RPCGSS security.
-The FedFS administrator will authenticate to the ADMIN server when
-performing operations that change the persistent state of the ADMIN
-and file server (eg. creating junctions or setting NSDB connection
-parameters).
+packaged support for RPCSEC GSSAPI and LDAP over TLS must be
+installed and configured correctly on the systems running these
+programs. Further discussion of installation and configuration
+of these packages is beyond the scope of this document.
+
+FedFS ADMIN clients contact the FedFS ADMIN server using AUTH_SYS
+or RPCGSS security. The FedFS administrator authenticates to the
+ADMIN server when performing operations that change the persistent
+state of the ADMIN and file server (eg. creating junctions or
+setting NSDB connection parameters).
Before performing operations that change the persistent state of an
NSDB node, NSDB clients should authenticate the server using the
More information about the fedfs-utils-devel
mailing list