aboutsummaryrefslogtreecommitdiff
path: root/sys/modules/trm/Makefile
diff options
context:
space:
mode:
authorRick Macklem <rmacklem@FreeBSD.org>2019-11-28 02:05:31 +0000
committerRick Macklem <rmacklem@FreeBSD.org>2019-11-28 02:05:31 +0000
commit04cb0c38ebae013e6676fc402882b402cbfdba9d (patch)
treec421098f125e6175fcf1377dadbd489fdb36b84f /sys/modules/trm/Makefile
parent81c2e8a6f27c77bc3e385e47cdd350981fe0e8d5 (diff)
downloadsrc-04cb0c38ebae013e6676fc402882b402cbfdba9d.tar.gz
src-04cb0c38ebae013e6676fc402882b402cbfdba9d.zip
Add a cap on credential lifetime for Kerberized NFS.
The kernel RPCSEC_GSS code sets the credential (called a client) lifetime to the lifetime of the Kerberos ticket, which is typically several hours. As such, when a user's credentials change such as being added to a new group, it can take several hours for this change to be recognized by the NFS server. This patch adds a sysctl called kern.rpc.gss.lifetime_max which can be set by a sysadmin to put a cap on the time to expire for the credentials, so that a sysadmin can reduce the timeout. It also fixes a bug, where time_uptime is added twice when GSS_C_INDEFINITE is returned for a lifetime. This has no effect in practice, sine Kerberos never does this. Tested by: pen@lysator.liu.se PR: 242132 Submitted by: pen@lysator.liu.se MFC after: 2 weeks
Notes
Notes: svn path=/head/; revision=355157
Diffstat (limited to 'sys/modules/trm/Makefile')
0 files changed, 0 insertions, 0 deletions