secinfo and so on
J. Bruce Fields
bfields at fieldses.org
Tue May 22 12:54:00 EDT 2007
On Tue, May 22, 2007 at 05:10:09PM +1000, Neil Brown wrote:
> Would you believe "Brilliant but intolerable"???
>
> It looks like the right solution to an awkward problem (imagine using
> kerberos for nfs but not mountd or NLM... That's like using AUTH_UNIX
> for nfsd but AUTH_NONE for NLM.. No one would do that. No wait, they
> did).
I do sympathize....
And it might be worth looking into whether we could also sanely
gss-enable mount and nlm on the client. I tried this for mount at some
point and remember finding it was pretty easy (modulo some build
problems which would be solved now that we've got mount in nfs-utils),
but at the time I didn't try to think about how it would affect
interoperability without servers.
For now, I think we just say that v2/v3 over gss will give at least some
improvement over non-kerberized nfs, and hopefully will help the
migration to v4 (which, whatever else one might say about it, at least
doesn't have this particular wart).
> So I'll drop the intolerable.
>
> However I'd like to see the nfs-utils side before giving a stamp of
> approval. It's always best to make sure one has to full picture
> before committing to something.
Sure. I should probably give it a quick review first. Not sure
when--I'm on vacation in Toronto now, but I'm not much of a sight-seer,
so I may be doing a little more work in the mornings. But in the worst
case I'll get back to this next week.
--b.
More information about the NFSv4
mailing list