d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
04cb0c38eb
freebsd-skq/sys/rpc
History
Rick Macklem 04cb0c38eb Add a cap on credential lifetime for Kerberized NFS. 
The kernel RPCSEC_GSS code sets the credential (called a client) lifetime
to the lifetime of the Kerberos ticket, which is typically several hours.
As such, when a user's credentials change such as being added to a new group,
it can take several hours for this change to be recognized by the NFS server.
This patch adds a sysctl called kern.rpc.gss.lifetime_max which can be set
by a sysadmin to put a cap on the time to expire for the credentials, so that
a sysadmin can reduce the timeout.
It also fixes a bug, where time_uptime is added twice when GSS_C_INDEFINITE
is returned for a lifetime. This has no effect in practice, sine Kerberos
never does this.

Tested by:	pen@lysator.liu.se
PR:		242132
Submitted by:	pen@lysator.liu.se
MFC after:	2 weeks
2019-11-28 02:05:31 +00:00
..
rpcsec_gss Add a cap on credential lifetime for Kerberized NFS. 2019-11-28 02:05:31 +00:00
auth_none.c
auth_unix.c
auth.h
authunix_prot.c
clnt_bck.c
clnt_dg.c
clnt_rc.c
clnt_stat.h
clnt_vc.c
clnt.h
getnetconfig.c
krpc.h
netconfig.h
nettype.h
pmap_prot.h
replay.c
replay.h
rpc_callmsg.c
rpc_com.h
rpc_generic.c
rpc_msg.h
rpc_prot.c
rpc.h
rpcb_clnt.c
rpcb_clnt.h
rpcb_prot.c
rpcb_prot.h
rpcm_subs.h
rpcsec_gss.h
svc_auth_unix.c
svc_auth.c
svc_auth.h
svc_dg.c
svc_generic.c
svc_vc.c Avoid relying on header pollution from sys/refcount.h. 2019-07-29 20:26:01 +00:00
svc.c
svc.h
types.h
xdr.h