 |
 |
Well, the current "well known" place in "sss" module itself is $HIOME/.xrd/sss.keytab. I can put another "well known" location in xrootdfs if appropriate. regards, Wei Yang | [log in to unmask] | 650-926-3338(O) On May 3, 2011, at 12:06 PM, Andrew Hanushevsky wrote: > I agree. The keyfile can be in a well known place. For those who cannot > tolerate (or comply) to using the well known place they could specify it > on the command line. As it is, the keyfile should only be readable by the > user running as xrootdfs (sss refuses to use the keyfile if that isn't the > case). Practically, all such sensitive information is already publicly > known (e.g. kerberos ticket location). So, adding a veil of obscurity > probably isn't going to help much. > > Andy > > On Tue, 3 May 2011, Doug BENJAMIN wrote: > >> Hi, >> >> I am not really sure that it is a good idea to have the reference to key >> file. What if the key file had a standard name >> and was in /var/spool/xrootd/ ... >> Doug >> >> Yang, Wei wrote: >>> Hi Brian, Lukasz, >>> >>> Everything can be passed as command line parameters except the "sss" key >>> file. I don't want to list the key file in the command line and invite >>> other to hack on it. Of course, this can all be changed if the concern >>> isn't valid. >>> >>> regards, >>> Wei Yang | [log in to unmask] | 650-926-3338(O) >>> >>> >>> On May 3, 2011, at 6:17 AM, Brian Bockelman wrote: >>> >>> >>>> Hi Wei, >>>> >>>> Integrating with fstab is pretty easy. For example, you add a line like >>>> this to /etc/fstab: >>>> >>>> hdfs /mnt/hadoop fuse >>>> server=hadoop-name,port=9000,rdbuffer=32768,allow_other 0 0 >>>> >>>> In general, >>>> >>>> PROG_NAME MOUNT_POINT fuse OPTIONS 0 0 >>>> >>>> Then, fuse will execute the following: >>>> >>>> /usr/bin/$PROG_NAME $MOUNT_POINT $OPTIONS >>>> >>>> In my case, it was: >>>> >>>> /usr/bin/hdfs /mnt/hadoop -o >>>> rw,server=hadoop-name,port=9000,rdbuffer=32768,allow_other >>>> >>>> Brian >>>> >>>> On May 3, 2011, at 12:39 AM, Yang, Wei wrote: >>>> >>>> >>>>> think about it again, I think if we put it in fstab, it will probably >>>>> hard to define those xrootdfs and/or fuse options and env vars. I tried >>>>> fstab before and will take a look at it again. For now it is probably >>>>> easier to just use a init.d script. >>>>> >>>>> regards, >>>>> Wei Yang | [log in to unmask] | 650-926-3338(O) >>>>> >>>>> >>>>> >>>>> >>>>> On May 2, 2011, at 1:48 PM, Brian Bockelman wrote: >>>>> >>>>> >>>>>> Follow-up Comment #1, bug #81761 (project xrootd): >>>>>> >>>>>> Wait - >>>>>> Isn't xrootdfs the fuse mount for xrootd? Why not just make it >>>>>> compatible >>>>>> with fstab? This is the approach we took with HDFS. >>>>>> As a sysadmin, I would prefer the fstab approach. Creating an init >>>>>> script to >>>>>> mount filesystems seems to go in the wrong direction. >>>>>> >>>>>> Brian >>>>>> >>>>>> _______________________________________________________ >>>>>> >>>>>> Reply to this item at: >>>>>> >>>>>> <http://savannah.cern.ch/bugs/?81761> >>>>>> >>>>>> _______________________________________________ >>>>>> Message sent via/by LCG Savannah >>>>>> http://savannah.cern.ch/ >>>>>> >>>>>> >>> >>>