NFSv4-patched ACL lib dependencies
J. Bruce Fields
bfields at fieldses.org
Tue Jul 8 10:39:08 EDT 2008
On Mon, Jul 07, 2008 at 11:36:03PM -0400, Kevin Coffman wrote:
> On Mon, Jul 7, 2008 at 6:53 PM, J. Bruce Fields <bfields at fieldses.org> wrote:
> > On Mon, Jul 07, 2008 at 03:24:06PM -0700, Paarvai Naai wrote:
> >> Hi all,
> >>
> >> I'm returning to the issue of NFSv4 in the process of upgrading my
> >> company's servers. I noticed on the following page
> >>
> >> http://www.citi.umich.edu/projects/nfsv4/linux/
> >>
> >> it states that "... the patches make fundamental utilities such as cp
> >> and ls depend on ldap and krb5 libraries (among others) ...." This is
> >> basically the same issue that I had a while ago (cf. "Problem with ACL
> >> lib dependencies" from Nov 21, 2006).
> >>
> >> I have one possible suggestion. Specifically, it looks like the
> >> dependencies primarily originate from the use of
> >> /usr/lib/libnfsidmap.so. Rather than dynamically linking to
> >> /usr/lib/libnfsidmap.so, one could use dlopen to dynamically open
> >> /usr/lib/libnfsidmap.so during run-time and populate function pointers
> >> to the functions needed by the patched libacl.so. If
> >> /usr/lib/libnfsidmap.so is not available, then nfsv4 support can
> >> simply be bypassed at runtime. In this way, it is possible to have a
> >> patched version of libacl (normally found in /lib) that is not by
> >> default dependent on libraries in /usr/lib. This type of fix can also
> >> help facilitate propagating the patches for libacl upstream so they
> >> are available in common Linux distributions by default.
> >
> > Yup, that sounds like a good idea (patches welcome...).
> >
> > Also, I think Olga had some patches to use dlopen() as needed in libacl
> > or librpcsec_gss and remove the need for some of their dependencies--but
> > I've forgotten what happened to that effort.
>
> I have not heard any feedback on this yet... Perhaps I should just
> put it out and wait for complaints?
Maybe so. An example or two of the new idmapd.conf syntax might also
give people something to comment on.
--b.
>
> Date: Thu, 10 Apr 2008 11:32:29 -0400
> From: "Kevin Coffman" <kwc at citi.umich.edu>
> To: nfsv4 <nfsv4 at linux-nfs.org>
> Subject: libnfsidmap-0.21b1 (beta) is available
>
> A new *BETA* version of libnfsidmap is now available from
> http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/libnfsidmap-0.21=
> b1.tar.gz
>
> Changes since libnfsidmap-0.20:
>
> The main library has been changed to load "plugin" libraries to
> perform the mappings. This decouples the main library from any ldap
> (and sasl, etc.) dependencies.
>
> Several translation methods (plugins) may now be specified in the
> idmapd.conf file. While a plugin returns -ENOENT, the next is called
> until a mapping is found, or there are no more plugins to try.
>
> A "static" mapping plugin from David H=E4rdeman <david at hardeman.nu> has
> been added.
>
> A "gums" mapping plugin from Olga Kornievskaia <aglo at citi.umich.edu>
> has been added. Olga also did most of the work to convert the code to
> use this new plugin architecture.
>
> The interface is changed to add two new functions,
> nfs4_gss_princ_to_ids_ex(), and nfs4_gss_princ_to_grouplist_ex() which
> allow extra information to be passed to these mapping functions.
>
> Please try it out and give us feedback.
More information about the NFSv4
mailing list