New kernel old nfs-utils
J. Bruce Fields
bfields at fieldses.org
Fri Feb 1 14:52:39 EST 2008
On Wed, Jan 30, 2008 at 11:25:31AM -0500, Dave Quigley wrote:
> hmm it seems to have an issue realizing that seclabel is a security type
> and not a host name.
>
> /usr/sbin/exportfs -a
> exportfs: seclabel has non-inet addr
> exportfs: seclabel has non-inet addr
>
> cat /etc/exports
>
> /exports seclabel(rw,fsid=0,security_label,no_subtree_check,sync)
> /exports *(rw,fsid=0,security_label,no_subtree_check,sync)
It's been a while since I looked at this.... But I think
nfs-utils/support/export/client.c:client_gettype() is the function that
makes this decision.
There is no generalized mechanism for specifying rpc security flavors
as "clients" in this way, there's just this specific hack that works for
gss mechanisms.
The new "sec=" option doesn't just pass the given string down to the
kernel either, actually--it explicitly checks the named flavors against
its list of known flavors.
So I don't think you can avoiding modifying nfs-utils.
--b.
More information about the NFSv4
mailing list