New kernel old nfs-utils
J. Bruce Fields
bfields at fieldses.org
Tue Jan 29 17:19:22 EST 2008
On Tue, Jan 29, 2008 at 04:54:38PM -0500, Dave Quigley wrote:
>
> On Tue, 2008-01-29 at 17:06 -0500, J. Bruce Fields wrote:
> > On Tue, Jan 29, 2008 at 04:43:04PM -0500, Dave Quigley wrote:
> > > On newer nfs-utils sec=flavor seems to be valid in the exports file. In
> > > 1.0.9 it doesn't seem to be the case. It is telling me that sec isn't a
> > > valid keyword. It could be that it is failing on the value it is set to
> > > but if that is the case then the error message is completely wrong for
> > > that kind of failure.
> >
> > Oh, right. The sec= thing is a new feature that requires both a new
> > nfs-utils and a new kernel to work. So on an older setup you need to
> > do:
> >
> > /exports gss/krb5(rw)
> > /exports gss/krb5i(rw)
> >
> > intead of
> >
> > /exports *(rw,sec=krb5:krb5i)
> >
> > --b.
> so if we made a new auth method called seclabel and we wanted both unix
> and seclabel would I do:
>
> /exports seclabel(rw)
> /exports unix(rw)
Well, more likely
/exports seclabel(rw)
/exports *(rw)
The "unix" is implicit in the second one.
And you'd probably want to choose something other than
"seclabel"--something less likely to be confused with a host name or
netgroup.
It may be possible to support the old syntax, but I wouldn't recommend
it; just use the new. But, yes, that does mean you'll need a newer
nfs-utils and kernel both.
--b.
More information about the NFSv4
mailing list