It would be a bad idea to place Kerberos V5 replay caches on datasets with sync=barrier. Would it be possible to make /var/krb5/rcache a separate dataset with sync explicitly set (to prevent inherittance)? I'd be happy with an RFE for the installer to do this, or perhaps it could be done by a self-assembly SMF service on first boot (advice welcome).
(Incidentally, I've a fix for 6794523 rcache could skip fsync(2)s ... that causes the rcache to use fsync() only in some cases while remaining secure. See the CR, but keep in mind that its comments are out of date.) Nico -- _______________________________________________ opensolaris-arc mailing list [email protected]
