Well, the current "well known" place in "sss" module itself is $HIOME/.xrd/sss.keytab. I can put another "well known" location in xrootdfs if appropriate.
regards,
Wei Yang | [log in to unmask] | 650-926-3338(O)
On May 3, 2011, at 12:06 PM, Andrew Hanushevsky wrote:
> I agree. The keyfile can be in a well known place. For those who cannot
> tolerate (or comply) to using the well known place they could specify it
> on the command line. As it is, the keyfile should only be readable by the
> user running as xrootdfs (sss refuses to use the keyfile if that isn't the
> case). Practically, all such sensitive information is already publicly
> known (e.g. kerberos ticket location). So, adding a veil of obscurity
> probably isn't going to help much.
>
> Andy
>
> On Tue, 3 May 2011, Doug BENJAMIN wrote:
>
>> Hi,
>>
>> I am not really sure that it is a good idea to have the reference to key
>> file. What if the key file had a standard name
>> and was in /var/spool/xrootd/ ...
>> Doug
>>
>> Yang, Wei wrote:
>>> Hi Brian, Lukasz,
>>>
>>> Everything can be passed as command line parameters except the "sss" key
>>> file. I don't want to list the key file in the command line and invite
>>> other to hack on it. Of course, this can all be changed if the concern
>>> isn't valid.
>>>
>>> regards,
>>> Wei Yang | [log in to unmask] | 650-926-3338(O)
>>>
>>>
>>> On May 3, 2011, at 6:17 AM, Brian Bockelman wrote:
>>>
>>>
>>>> Hi Wei,
>>>>
>>>> Integrating with fstab is pretty easy. For example, you add a line like
>>>> this to /etc/fstab:
>>>>
>>>> hdfs /mnt/hadoop fuse
>>>> server=hadoop-name,port=9000,rdbuffer=32768,allow_other 0 0
>>>>
>>>> In general,
>>>>
>>>> PROG_NAME MOUNT_POINT fuse OPTIONS 0 0
>>>>
>>>> Then, fuse will execute the following:
>>>>
>>>> /usr/bin/$PROG_NAME $MOUNT_POINT $OPTIONS
>>>>
>>>> In my case, it was:
>>>>
>>>> /usr/bin/hdfs /mnt/hadoop -o
>>>> rw,server=hadoop-name,port=9000,rdbuffer=32768,allow_other
>>>>
>>>> Brian
>>>>
>>>> On May 3, 2011, at 12:39 AM, Yang, Wei wrote:
>>>>
>>>>
>>>>> think about it again, I think if we put it in fstab, it will probably
>>>>> hard to define those xrootdfs and/or fuse options and env vars. I tried
>>>>> fstab before and will take a look at it again. For now it is probably
>>>>> easier to just use a init.d script.
>>>>>
>>>>> regards,
>>>>> Wei Yang | [log in to unmask] | 650-926-3338(O)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On May 2, 2011, at 1:48 PM, Brian Bockelman wrote:
>>>>>
>>>>>
>>>>>> Follow-up Comment #1, bug #81761 (project xrootd):
>>>>>>
>>>>>> Wait -
>>>>>> Isn't xrootdfs the fuse mount for xrootd? Why not just make it
>>>>>> compatible
>>>>>> with fstab? This is the approach we took with HDFS.
>>>>>> As a sysadmin, I would prefer the fstab approach. Creating an init
>>>>>> script to
>>>>>> mount filesystems seems to go in the wrong direction.
>>>>>>
>>>>>> Brian
>>>>>>
>>>>>> _______________________________________________________
>>>>>>
>>>>>> Reply to this item at:
>>>>>>
>>>>>> <http://savannah.cern.ch/bugs/?81761>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Message sent via/by LCG Savannah
>>>>>> http://savannah.cern.ch/
>>>>>>
>>>>>>
>>>
>>>
|