<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Interesting! Thank you for the explanation.</p>
<p>This makes me wish GPFS had a client access model that more
closely mimicked parallel NAS, specifically for this reason. That
then got me wondering about pNFS support. I've not been able to
find much about that but in theory Ganesha supports pNFS. Does
anyone know of successful pNFS testing with GPFS and if so how one
would set up such a thing?</p>
<p>-Aaron<br>
</p>
<div class="moz-cite-prefix">On 08/25/2017 06:41 PM, IBM Spectrum
Scale wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OF73F36214.E059F748-ON85258187.007C64D8-85258187.007CAF6A@notes.na.collabserv.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<p><font size="2">Hi Aaron,</font><br>
<br>
<font size="2">If cluster A uses the mmauth command to grant a
file system read-only access to a remote cluster B, nodes on
cluster B can only mount that file system with read-only
access. But the only checking being done at the RPC level is
the TLS authentication. This should prevent non-root users
from initiating RPCs, since TLS authentication requires access
to the local cluster's private key. However, a root user on
cluster B, having access to cluster B's private key, might be
able to craft RPCs that may allow one to work around the
checks which are implemented at the file system level.</font><br>
<br>
<font size="2">Regards, The Spectrum Scale (GPFS) team<br>
<br>
------------------------------------------------------------------------------------------------------------------<br>
If you feel that your question can benefit other users of
Spectrum Scale (GPFS), then please post it to the public IBM
developerWroks Forum at <a
href="https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479"
moz-do-not-send="true">https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479</a>.
<br>
<br>
If your query concerns a potential software error in Spectrum
Scale (GPFS) and you have an IBM software maintenance contract
please contact 1-800-237-5511 in the United States or your
local IBM Service Center in other countries. <br>
<br>
The forum is informally monitored as time permits and should
not be used for priority messages to the Spectrum Scale (GPFS)
team.</font><br>
<br>
<img src="cid:part2.524B83E6.4AF8AE63@nasa.gov" alt="Inactive
hide details for Aaron Knister ---08/21/2017 11:04:06 PM---Hi
Everyone, I have a theoretical question about GPFS multi"
class="" height="16" width="16" border="0"><font size="2"
color="#424282">Aaron Knister ---08/21/2017 11:04:06 PM---Hi
Everyone, I have a theoretical question about GPFS
multiclusters and security.</font><br>
<br>
<font size="2" color="#5F5F5F">From: </font><font size="2">Aaron
Knister <a class="moz-txt-link-rfc2396E" href="mailto:aaron.s.knister@nasa.gov"><aaron.s.knister@nasa.gov></a></font><br>
<font size="2" color="#5F5F5F">To: </font><font size="2">gpfsug
main discussion list <a class="moz-txt-link-rfc2396E" href="mailto:gpfsug-discuss@spectrumscale.org"><gpfsug-discuss@spectrumscale.org></a></font><br>
<font size="2" color="#5F5F5F">Date: </font><font size="2">08/21/2017
11:04 PM</font><br>
<font size="2" color="#5F5F5F">Subject: </font><font size="2">[gpfsug-discuss]
multicluster security</font><br>
<font size="2" color="#5F5F5F">Sent by: </font><font size="2"><a class="moz-txt-link-abbreviated" href="mailto:gpfsug-discuss-bounces@spectrumscale.org">gpfsug-discuss-bounces@spectrumscale.org</a></font><br>
</p>
<hr style="color:#8091A5; " size="2" align="left"
noshade="noshade" width="100%"><br>
<br>
<br>
<tt><font size="2">Hi Everyone,<br>
<br>
I have a theoretical question about GPFS multiclusters and
security. <br>
Let's say I have clusters A and B. Cluster A is exporting a
filesystem <br>
as read-only to cluster B.<br>
<br>
Where does the authorization burden lay? Meaning, does the
security rely <br>
on mmfsd in cluster B to behave itself and enforce the
conditions of the <br>
multi-cluster export? Could someone using the credentials on a
<br>
compromised node in cluster B just start sending arbitrary nsd
<br>
read/write commands to the nsds from cluster A (or something
along those <br>
lines)? Do the NSD servers in cluster A do any sort of sanity
or <br>
security checking on the I/O requests coming from cluster B to
the NSDs <br>
they're serving to exported filesystems?<br>
<br>
I imagine any enforcement would go out the window with shared
disks in a <br>
multi-cluster environment since a compromised node could just
"dd" over <br>
the LUNs.<br>
<br>
Thanks!<br>
<br>
-Aaron<br>
<br>
-- <br>
Aaron Knister<br>
NASA Center for Climate Simulation (Code 606.2)<br>
Goddard Space Flight Center<br>
(301) 286-2776<br>
_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at spectrumscale.org<br>
</font></tt><tt><font size="2"><a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=IbxtjdkPAM2Sbon4Lbbi4w&m=oK_bEPbjuD7j6qLTHbe7HM4ujUlpcNYtX3tMW2QC7_w&s=BliMQ0pToLIIiO1jfyUp2Q3icewcONrcmHpsIj_hMtY&e="
moz-do-not-send="true">https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=IbxtjdkPAM2Sbon4Lbbi4w&m=oK_bEPbjuD7j6qLTHbe7HM4ujUlpcNYtX3tMW2QC7_w&s=BliMQ0pToLIIiO1jfyUp2Q3icewcONrcmHpsIj_hMtY&e=</a></font></tt><tt><font
size="2"> <br>
<br>
</font></tt><br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
<a class="moz-txt-link-freetext" href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a>
</pre>
</blockquote>
<br>
</body>
</html>