From: Peter Staubach <staubach@redhat.com>
To: bc Wong <bcwalrus@gmail.com>
Cc: Chuck Lever <chuck.lever@oracle.com>,
trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfs-utils: Handle authentication flavour order properly
Date: Fri, 07 Mar 2008 14:10:46 -0500 [thread overview]
Message-ID: <47D19336.9010903@redhat.com> (raw)
In-Reply-To: <f88853200803071059yf523114wcabb12fdeee7b8d6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
bc Wong wrote:
> On Fri, Mar 7, 2008 at 10:29 AM, Peter Staubach <staubach@redhat.com> wrote:
>
>> Actually, NFS servers that support AUTH_NONE, map the uid and gid to the
>> anonymous uid and gids for access to file systems which are exported
>> AUTH_NONE. It doesn't seem to matter what authentication flavor that
>> the client uses.
>>
>> ps
>>
>
> Hi Peter,
>
> My concern is that a server supports both AUTH_SYS and AUTH_NONE,
> where AUTH_SYS would give you the regular access, and AUTH_NONE
> would give the anon access as you described, which is typically a
> degraded read-only view. Therefore it's bad for the client to choose
> AUTH_NONE in this case, especially since the server presents
> AUTH_SYS *before* AUTH_NONE.
>
> I'll test more with AUTH_NONE on Solaris. Is there any specific setup
> you'd like me to verify?
Do you know of any client NFS implementations that can actually generate
requests with AUTH_NONE as the authentication flavor? Which server
implementation supports the mode that you described?
As far as I know, all servers, which support exporting with AUTH_NONE,
always map the incoming uid and gid(s) to the anonymous uid and gid when
they process the request for a file system which is exported with AUTH_NONE.
It doesn't seem to matter what the incoming authentication flavor was.
Thanx...
ps
next prev parent reply other threads:[~2008-03-07 19:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-07 3:08 [PATCH] nfs-utils: Handle authentication flavour order properly bc Wong
[not found] ` <f88853200803061908y497164bdpdff7b9109567d8c0-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 16:16 ` Chuck Lever
2008-03-07 18:11 ` bc Wong
[not found] ` <f88853200803071011j3a70b0abka9142396d3275b10-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 18:27 ` Peter Staubach
2008-03-07 18:29 ` Peter Staubach
2008-03-07 18:59 ` bc Wong
[not found] ` <f88853200803071059yf523114wcabb12fdeee7b8d6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 19:10 ` Peter Staubach [this message]
2008-03-07 19:38 ` bc Wong
[not found] ` <f88853200803071138n58d16ca6t4f4410d587141141-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 20:28 ` Peter Staubach
2008-03-11 19:28 ` bc Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D19336.9010903@redhat.com \
--to=staubach@redhat.com \
--cc=bcwalrus@gmail.com \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.