Branch: refs/heads/main Home: https://github.com/gssapi/gssproxy Commit: daaa2334d02553d136e10bf5b3a1a1ddd23eefd4 https://github.com/gssapi/gssproxy/commit/daaa2334d02553d136e10bf5b3a1a1ddd2... Author: Scott Mayhew smayhew@redhat.com Date: 2021-09-03 (Fri, 03 Sep 2021)

Changed paths: M src/gp_config.c

Log Message: ----------- Call gp_debug_toggle() sooner

Currently gp_debug_toggle() is called at the end of load_config(), and as a result any GPDEBUG() calls that happen during config processing are no-ops.

Signed-off-by: Scott Mayhew smayhew@redhat.com

Commit: c6847f012b326a7e27dbe79d8df0faafdeb2dbef https://github.com/gssapi/gssproxy/commit/c6847f012b326a7e27dbe79d8df0faafde... Author: Scott Mayhew smayhew@redhat.com Date: 2021-09-03 (Fri, 03 Sep 2021)

Changed paths: M examples/99-nfs-client.conf.in M man/gssproxy.conf.5.xml M src/gp_config.c M src/gp_creds.c M src/gp_proxy.h

Log Message: ----------- Add an option for minimum lifetime

It's possible for gssproxy to return a cached credential with a very small remaining lifetime. This can be problematic for NFS clients since it requires a round trip to the NFS server to establish a GSS context. Add a min_lifetime option that represents the lowest value that the lifetime of the cached credential can be. Any lower than that, and gp_check_cred() returns GSS_S_CREDENTIALS_EXPIRED, so that gp_add_krb5_creds() is forced to try to obtain a new credential.

Signed-off-by: Scott Mayhew smayhew@redhat.com

Compare: https://github.com/gssapi/gssproxy/compare/00bcb2dd4fe2...c6847f012b32