Feature #57404
mgr/nfs: Add a sectype field to nfs exports created by nfs mgr module
Description
The Rook team is working on adding LDAP and Kerberos support to the pods running nfs-ganesha. In order to enable "kerberized" connections, the NFS protocol supports options like Kerberos encryption or Kerberos message integrity. Ganesha has a "SecType" option in the export configuration that can be used to select between the Kerberos levels in the NFS protocol. So, for example, one export might require "krb5p" (encryption only) while another may supply "krb5p", "krb5i", "sys" (meaning prefer encryption, but fall back to message integrity or no Kerberos as needed).
Note that this change will only add the option to the Ganesha config. It will have no impact on NFS servers deployed by cephadm today because those containers do not support integration with the LDAP/krb5 stack at this time.
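An added example, not code from the Ceph nfs mgr module or from this ticket: a small audit that reads Ganesha EXPORT blocks and reports which exports permit the fallbacks described above. The sample config, its paths, and the function names `export_blocks` and `audit_sectype` are constructed for illustration; only export-level `SecType` is read.

```python
import re

KNOWN = {"krb5p", "krb5i", "krb5", "sys", "none"}

# Constructed sample in Ganesha export syntax; the paths are made up.
SAMPLE = """
EXPORT {
    Pseudo = "/secure";
    SecType = krb5p;
    FSAL { Name = CEPH; }
}
EXPORT {
    Pseudo = "/mixed";
    SecType = krb5p, krb5i, sys;
}
EXPORT {
    Pseudo = "/legacy";
}
"""

def export_blocks(conf):
    """Yield the body of each EXPORT { ... } block, tracking nested braces."""
    for m in re.finditer(r"\bEXPORT\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit_sectype(conf):
    """Map each export's Pseudo path to (sectype list, findings)."""
    report = {}
    for body in export_blocks(conf):
        # Drop nested blocks (FSAL, CLIENT); per-client settings are not audited.
        top = re.sub(r"\w+\s*\{[^{}]*\}", "", body)
        pseudo = re.search(r'Pseudo\s*=\s*"([^"]*)"', top)
        sec = re.search(r"SecType\s*=\s*([^;]*);", top)
        kinds = [k.strip().lower() for k in sec.group(1).split(",")] if sec else []
        findings = []
        if not sec:
            findings.append("SecType unset: server default applies")
        if set(kinds) - KNOWN:
            findings.append("unrecognised SecType value")
        if set(kinds) & {"sys", "none"}:
            findings.append("non-Kerberos fallback allowed")
        if set(kinds) & {"krb5", "krb5i"}:
            findings.append("Kerberos without encryption allowed")
        report[pseudo.group(1) if pseudo else "?"] = (kinds, findings)
    return report
```

Run against the sample, `/secure` comes back with no findings, `/mixed` is flagged for both fallbacks, and `/legacy` is flagged because it sets no `SecType` at all.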
History
#1 Updated by John Mulligan 7 months ago
- Status changed from New to Fix Under Review
- Pull request ID set to 47934
#2 Updated by John Mulligan 7 months ago
- Backport set to quincy,pacific
#4 Updated by Backport Bot 6 months ago
- Copied to Backport #57787: quincy: mgr/nfs: Add a sectype field to nfs exports created by nfs mgr module added
#5 Updated by Backport Bot 6 months ago
- Copied to Backport #57788: pacific: mgr/nfs: Add a sectype field to nfs exports created by nfs mgr module added
#6 Updated by Backport Bot 6 months ago
- Tags set to backport_processed
#7 Updated by Adam King about 1 month ago
- Status changed from Pending Backport to Resolved