[PATCH] nfsd: pass client principal name in rsc downcall
J. Bruce Fields
bfields at fieldses.org
Tue Jan 15 21:22:35 EST 2008
On Tue, Jan 15, 2008 at 08:43:12PM -0500, Trond Myklebust wrote:
>
> On Tue, 2008-01-15 at 19:51 -0500, J. Bruce Fields wrote:
> > Sorry, there still seems to be a misunderstanding. This isn't the
> > principal that the calls will be authenticated *as*. This is the
> > principal that the calls will authenticate *to*. That principal is
> > always the same, for all rpc clients. This isn't a special case in that
> > respect.
>
> So this would be the service principal name for the callback channel?

Yes.

> If so, then how do you see the client setting this? Isn't it supposed to
> use that particular principal for the SETCLIENTID operation?

Yes. The client can use whatever principal it likes for the
SETCLIENTID, but callbacks will only be possible if it chooses a service
principal for that (as opposed to a regular user's credential).

So the client should really make an effort to do the SETCLIENTID as a
service principal. And before the client can do that, I agree that
changes to the gssd upcall will be required.

--b.