NFS RPC-with-TLS support

JeWe37 · September 5, 2024, 12:39pm

Problem/Justification
Kerberos based encryption is complex to configure and potenially slow. By contrast, the new RPC-over-TLS features available in Linux as of kernel 6.5 are comparatively simple to configure and based on simple x509 certificates. Offering RPC-over-TLS based encryption and mTLS authentication could address the needs in smaller environments.

Impact
This will help ease authentication needs in smaller environments where Kerberos is not desirable.

User Story
I would like to authenticate the servers using TrueNAS as their storage backend by simply distributing the required certificates to them, rather than having to configure Kerberos.

Jamie_Schnaitter · November 13, 2024, 6:34pm

This would be a really useful feature across the board. Krb5 based encryption is complex and has a lot of drawbacks. The kernel in SCALE is already new enough to support this, so it should just be a matter of adding support to the middleware and GUI