
[5/5] README: Remove warnings about fedfsd

Message ID 20131218171810.7774.47982.stgit@seurat.1015granger.net
State Accepted

Commit Message

Chuck Lever Dec. 18, 2013, 5:18 p.m. UTC
rpc.fedfsd now uses an Access Control List and strong authentication
to control who can perform ADMIN operations.  Security warnings
about using rpc.fedfsd are no longer needed.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 README |   53 ++++++++++++++++++++++-------------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

Patch

diff --git a/README b/README
index d236605..31d2355 100644
--- a/README
+++ b/README
@@ -20,13 +20,6 @@  guaranteed to work.  Programming, administrative, and user interfaces
 may change significantly before the next release.  This release is
 for technology preview only.
 
-Warning: This package installs an externally visible RPC service that
-allows creation and deletion of directories on all areas of a fileserver.
-The security features of the FedFS ADMIN server code (RPCSEC GSSAPI)
-have not yet been implemented.  Until these features are implemented,
-use careful judgement about deploying the FedFS ADMIN RPC service daemon
-on production file servers.
-
 Warning: The implementation in this package is based on internet draft
 standards that are still evolving.  The current release of fedfs-utils
 may not be compatible with the next release of this package, nor with
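Review bot: Deleting the whole first warning also drops the only statement near the top of the README that this package installs an externally visible RPC service able to create and delete directories on a fileserver. That remains true after this series, and a later hunk says ADMIN clients may still connect with AUTH_SYS. Consider keeping a one- or two-sentence caution here that names the exposure and points the reader to the "Security considerations" section, rather than removing the paragraph outright.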
@@ -142,10 +135,11 @@  is available to support the use of this plug-in library.
 
 The fedfsd program is an RPC server that allows remote administrators to
 create FedFS junctions in local file systems.  FedFS ADMIN requests that
-can mutate local file system state are authenticated via RPCSEC GSSAPI
-(not yet implemented).  Run this program on NFS file servers that
-participate in a FedFS federation to allow the management of FedFS
-junctions on that server.
+can mutate local file system state are authenticated via RPCSEC GSSAPI.
+Run this program on NFS file servers that participate in a FedFS
+federation to allow the management of FedFS junctions on that server.
+The use of strong authentication (the Kerberos GSS mechanism) is highly
+encouraged when deploying an FedFS ADMIN server.
 
 The command-line clients are used by FedFS adminstrators to manage the
 state of the local FedFS federation.  These are simple clients that
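Review bot: The two added sentences disagree with each other: the first states as fact that mutating ADMIN requests "are authenticated via RPCSEC GSSAPI", while the last says strong authentication is only "highly encouraged". Pick one and say what the daemon actually enforces. The commit message cites an Access Control List as the reason the warnings can go, yet this description of fedfsd never mentions it; a sentence on the ACL belongs here. Minor: "an FedFS ADMIN server" should probably read "a FedFS ADMIN server".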
@@ -189,11 +183,10 @@  An entry for the FedFS ADMIN protocol in /etc/rpc:
 
 	fedfs_admin	100418
 
-The fedfsd program requires rpcbind and libtirpc.  In the future, it
-will also require correctly configured RPCSEC GSSAPI on the system
-where it is running.  For example, to support Kerberos authentication,
-Kerberos configuration files would have to be up to date, and a proper
-keytab must be established.
+The fedfsd program requires rpcbind and libtirpc.  It requires correctly
+configured RPCSEC GSSAPI on the system where it is running.  For example,
+to support Kerberos authentication, Kerberos configuration files have to
+be up to date, and a proper keytab must be established.
 
 Distributors should provide an appropriate init script (or equivalent)
 to ensure that fedfsd is started after a system boot.  The contrib/
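Review bot: "It requires correctly configured RPCSEC GSSAPI" is now worded as a hard requirement, but the paragraph gives the installer nothing to check it against. It does not say which service principal the keytab must hold, or how fedfsd behaves when the keytab is missing or stale (refuses to start, or falls back to weaker authentication). Since a later hunk lists AUTH_SYS as an accepted flavor, please state the failure behaviour explicitly so a misconfigured host is not assumed to be protected.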
@@ -213,9 +206,9 @@  libcap is required to permit rpc.fedfsd, nsdbparams, and the junction
 plug-in library to access trusted extended attributes in each file
 system.
 
-The FedFS ADMIN clients require libtirpc.  In the future, they will
-also require correctly configured RPCSEC GSSAPI (usually Kerberos is
-the preferred authentication flavor).
+The FedFS ADMIN clients require libtirpc.  They also require correctly
+configured RPCSEC GSSAPI.  Typically Kerberos with integrity is the
+preferred authentication flavor.
 
 NSDB client components require LDAP libraries and support for TLS
 (namely, OpenSSL).
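Review bot: "Kerberos with integrity" appears only in this client-side paragraph; the server-side text added earlier in the patch says just "the Kerberos GSS mechanism" with no service level. Use the same wording in both places and say whether integrity is the minimum the server accepts or only a recommendation. "They also require" also reads oddly next to the later statement that clients may use AUTH_SYS; if GSSAPI is needed only for some operations, say so here.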
@@ -238,18 +231,16 @@  Security considerations
 
 The FedFS network protocols employ standard network security
 mechanisms to authenticate servers and administrators.  Therefore,
-packaged support for RPCSEC GSSAPI (in the future) and LDAP over TLS
-must be installed and configured correctly on the systems running
-these programs.  Further discussion of installation and configuration
-of these packages is beyond the scope of this document.  (To do:
-implement RPCSEC GSSAPI support).
-
-FedFS ADMIN clients contact the FedFS ADMIN server with no
-authentication today, but in the future will use RPCGSS security.
-The FedFS administrator will authenticate to the ADMIN server when
-performing operations that change the persistent state of the ADMIN
-and file server (eg. creating junctions or setting NSDB connection
-parameters).
+packaged support for RPCSEC GSSAPI and LDAP over TLS must be
+installed and configured correctly on the systems running these
+programs.  Further discussion of installation and configuration
+of these packages is beyond the scope of this document.
+
+FedFS ADMIN clients contact the FedFS ADMIN server using AUTH_SYS
+or RPCGSS security.  The FedFS administrator authenticates to the
+ADMIN server when performing operations that change the persistent
+state of the ADMIN and file server (eg. creating junctions or
+setting NSDB connection parameters).
 
 Before performing operations that change the persistent state of an
 NSDB node, NSDB clients should authenticate the server using the
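Review bot: In the rewritten second paragraph, "using AUTH_SYS or RPCGSS security" puts the two flavors side by side in the Security considerations section without saying that they differ in strength, and the following sentence ("The FedFS administrator authenticates to the ADMIN server ...") then reads as though either one authenticates the administrator. Please state which operations are accepted over AUTH_SYS and which require RPCGSS, and describe the Access Control List that the commit message relies on (where it is configured and what it gates). Without that, this section no longer tells an operator how state-changing requests are restricted.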