From: Chuck Lever
Date: Wed, 18 Dec 2013 12:18:10 -0500
Message-ID: <20131218171810.7774.47982.stgit@seurat.1015granger.net>
In-Reply-To: <20131218170221.7774.44432.stgit@seurat.1015granger.net>
References: <20131218170221.7774.44432.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 5/5] README: Remove warnings about fedfsd

rpc.fedfsd now uses an Access Control List and strong authentication to
control who can perform ADMIN operations. Security warnings about using
rpc.fedfsd are no longer needed.

Signed-off-by: Chuck Lever
---
 README | 53 ++++++++++++++++++++++-------------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/README b/README
index d236605..31d2355 100644
--- a/README
+++ b/README
@@ -20,13 +20,6 @@ guaranteed to work. Programming, administrative, and user interfaces may change significantly before the next release. This release is for technology preview only. -Warning: This package installs an externally visible RPC service that -allows creation and deletion of directories on all areas of a fileserver. -The security features of the FedFS ADMIN server code (RPCSEC GSSAPI) -have not yet been implemented. Until these features are implemented, -use careful judgement about deploying the FedFS ADMIN RPC service daemon -on production file servers. - Warning: The implementation in this package is based on internet draft standards that are still evolving. The current release of fedfs-utils may not be compatible with the next release of this package, nor with @@ -142,10 +135,11 @@ is available to support the use of this plug-in library. The fedfsd program is an RPC server that allows remote administrators to create FedFS junctions in local file systems. FedFS ADMIN requests that -can mutate local file system state are authenticated via RPCSEC GSSAPI -(not yet implemented). Run this program on NFS file servers that -participate in a FedFS federation to allow the management of FedFS -junctions on that server. +can mutate local file system state are authenticated via RPCSEC GSSAPI. +Run this program on NFS file servers that participate in a FedFS +federation to allow the management of FedFS junctions on that server. +The use of strong authentication (the Kerberos GSS mechanism) is highly +encouraged when deploying an FedFS ADMIN server. The command-line clients are used by FedFS adminstrators to manage the state of the local FedFS federation. These are simple clients that 
@@ -189,11 +183,10 @@ An entry for the FedFS ADMIN protocol in /etc/rpc: fedfs_admin 100418 -The fedfsd program requires rpcbind and libtirpc. In the future, it -will also require correctly configured RPCSEC GSSAPI on the system -where it is running. For example, to support Kerberos authentication, -Kerberos configuration files would have to be up to date, and a proper -keytab must be established. +The fedfsd program requires rpcbind and libtirpc. It requires correctly +configured RPCSEC GSSAPI on the system where it is running. For example, +to support Kerberos authentication, Kerberos configuration files have to +be up to date, and a proper keytab must be established. Distributors should provide an appropriate init script (or equivalent) to ensure that fedfsd is started after a system boot. The contrib/ @@ -213,9 +206,9 @@ libcap is required to permit rpc.fedfsd, nsdbparams, and the junction plug-in library to access trusted extended attributes in each file system. -The FedFS ADMIN clients require libtirpc. In the future, they will -also require correctly configured RPCSEC GSSAPI (usually Kerberos is -the preferred authentication flavor). +The FedFS ADMIN clients require libtirpc. They also require correctly +configured RPCSEC GSSAPI. Typically Kerberos with integrity is the +preferred authentication flavor. NSDB client components require LDAP libraries and support for TLS (namely, OpenSSL). 
@@ -238,18 +231,16 @@ Security considerations The FedFS network protocols employ standard network security mechanisms to authenticate servers and administrators. Therefore, -packaged support for RPCSEC GSSAPI (in the future) and LDAP over TLS -must be installed and configured correctly on the systems running -these programs. Further discussion of installation and configuration -of these packages is beyond the scope of this document. (To do: -implement RPCSEC GSSAPI support). - -FedFS ADMIN clients contact the FedFS ADMIN server with no -authentication today, but in the future will use RPCGSS security. -The FedFS administrator will authenticate to the ADMIN server when -performing operations that change the persistent state of the ADMIN -and file server (eg. creating junctions or setting NSDB connection -parameters). +packaged support for RPCSEC GSSAPI and LDAP over TLS must be +installed and configured correctly on the systems running these +programs. Further discussion of installation and configuration +of these packages is beyond the scope of this document. + +FedFS ADMIN clients contact the FedFS ADMIN server using AUTH_SYS +or RPCGSS security. The FedFS administrator authenticates to the +ADMIN server when performing operations that change the persistent +state of the ADMIN and file server (eg. creating junctions or +setting NSDB connection parameters). Before performing operations that change the persistent state of an NSDB node, NSDB clients should authenticate the server using the
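
Review bot: In the first hunk (@@ -20,13 +20,6), the warning is deleted outright, but the commit message's justification (an Access Control List plus strong authentication) never appears in the README text that remains. The service is still "an externally visible RPC service that allows creation and deletion of directories", so I would replace the paragraph with a short note that says the ADMIN service is protected by an ACL and RPCSEC GSSAPI and that both must be configured before deployment, rather than dropping the paragraph with nothing in its place.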
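
Review bot: In the second hunk (@@ -142,10 +135,11), the paragraph now contradicts itself: the first changed sentence says mutating requests "are authenticated via RPCSEC GSSAPI", while the sentence added at the end says strong authentication is only "highly encouraged". Pick one and say it precisely, for example by stating what fedfsd does with a mutating request that arrives without GSS credentials. Also a nit in the same added sentence: "an FedFS ADMIN server" should be "a FedFS ADMIN server".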
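
Review bot: In the third hunk (@@ -189,11 +183,10), "a proper keytab must be established" is now a present-tense requirement but still does not tell the administrator which service principal fedfsd looks for in that keytab. Now that the "In the future" hedge is gone, this paragraph is the install-time instruction, so it should name the principal or point to the man page that does. "It requires correctly configured RPCSEC GSSAPI" should also be reconciled with the last hunk, which says AUTH_SYS is accepted.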
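
Review bot: In the fourth hunk (@@ -213,9 +206,9), "Typically Kerberos with integrity is the preferred authentication flavor" is vague for a requirements section: "Typically" and "preferred" say the same thing twice, and the reader is not told how to select that flavor. Suggest naming the flavor the way the client tools spell it and dropping "Typically".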
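
Review bot: In the last hunk (@@ -238,18 +231,16), "using AUTH_SYS or RPCGSS security" followed by "The FedFS administrator authenticates to the ADMIN server when performing operations that change the persistent state" leaves open whether an AUTH_SYS caller can perform those state-changing operations. AUTH_SYS credentials are asserted by the client and are not cryptographically verified, so a Security considerations section should say explicitly which operations are permitted under AUTH_SYS and how the ACL mentioned in the commit message treats such callers. Terminology nit: this paragraph says "RPCGSS" while the paragraph above it and the other hunks say "RPCSEC GSSAPI"; use one name throughout.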