From: "J. Bruce Fields" <bfields@fieldses.org>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH v10 0/8] nfsd: overhaul the client name tracking code
Date: Tue, 27 Mar 2012 11:06:57 -0400 [thread overview]
Message-ID: <20120327150656.GB32055@fieldses.org> (raw)
In-Reply-To: <20120326200212.GD26254@fieldses.org>
On Mon, Mar 26, 2012 at 04:02:12PM -0400, J. Bruce Fields wrote:
> Having looked at it longer: first, I can't see how 4.1/krb5 callbacks
> ever really worked. That's a project for another day. (Soon, but
> probably not for 3.4.)
Bah, I'm stupid, I'd forgotten how 4.1 backchannel security works: the
client chooses which flavor(s) are acceptable in create_session (or the
mandatory but unimplemented backchannel_ct). The Linux client always
chooses auth_sys. We've never really paid much attention to the client.
Before we basically just used auth_sys no matter what. Now we're using
krb5 in the krb5 case. Both are wrong, but the latter also breaks in
practice against the Linux client.
I think I changed the behavior accidentally while overhauling the 4.1
server's callback and trunking behavior, probably with 80fc015bdfe
"nfsd4: use common rpc_cred for all callbacks".
I'll look into doing this a little more correctly....
--b.
prev parent reply other threads:[~2012-03-27 15:06 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-21 13:52 [PATCH v10 0/8] nfsd: overhaul the client name tracking code Jeff Layton
2012-03-21 13:52 ` [PATCH v10 1/8] nfsd: convert nfs4_client->cl_cb_flags to a generic flags field Jeff Layton
2012-03-21 20:41 ` J. Bruce Fields
2012-03-21 20:52 ` Jeff Layton
2012-03-21 21:05 ` J. Bruce Fields
2012-03-21 13:52 ` [PATCH v10 2/8] nfsd: add nfsd4_client_tracking_ops struct and a way to set it Jeff Layton
2012-03-21 20:42 ` [PATCH v11 " Jeff Layton
2012-03-21 23:59 ` [PATCH v10 " Jeff Layton
2012-03-21 13:52 ` [PATCH v10 3/8] sunrpc: create nfsd dir in rpc_pipefs Jeff Layton
2012-03-23 12:12 ` J. Bruce Fields
2012-03-23 13:31 ` J. Bruce Fields
2012-03-23 15:20 ` Myklebust, Trond
2012-03-23 15:22 ` J. Bruce Fields
2012-03-23 15:34 ` Myklebust, Trond
2012-03-23 15:53 ` Jeff Layton
2012-03-23 16:12 ` Jeff Layton
2012-03-23 17:04 ` J. Bruce Fields
2012-03-28 23:09 ` [PATCH] nfsd4: use auth_unix unconditionally on backchannel J. Bruce Fields
2012-03-28 23:16 ` Myklebust, Trond
2012-03-28 23:46 ` J. Bruce Fields
2012-03-29 14:29 ` Matt W. Benjamin
2012-03-29 14:29 ` Matt W. Benjamin
2012-03-29 14:48 ` J. Bruce Fields
2012-03-23 16:00 ` [PATCH v10 3/8] sunrpc: create nfsd dir in rpc_pipefs J. Bruce Fields
2012-03-21 13:52 ` [PATCH v10 4/8] nfsd: add a per-net-namespace struct for nfsd Jeff Layton
2012-03-21 13:52 ` [PATCH v10 5/8] nfsd: add a header describing upcall to nfsdcld Jeff Layton
2012-03-21 13:52 ` [PATCH v10 6/8] nfsd: add the infrastructure to handle the cld upcall Jeff Layton
2012-03-21 13:52 ` [PATCH v10 7/8] nfsd: add notifier to handle mount/unmount of rpc_pipefs sb Jeff Layton
2012-03-21 13:52 ` [PATCH v10 8/8] nfsd: don't allow legacy client tracker init for anything but init_net Jeff Layton
2012-03-23 17:06 ` [PATCH v10 0/8] nfsd: overhaul the client name tracking code J. Bruce Fields
2012-03-23 17:26 ` Jeff Layton
2012-03-26 20:02 ` J. Bruce Fields
2012-03-27 15:06 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120327150656.GB32055@fieldses.org \
--to=bfields@fieldses.org \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.