From: Tom Haynes <Thomas.Haynes-UdXhSnd/wVw@public.gmane.org>
To: Chuck Lever <Chuck.Lever@oracle.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
Trond Myklebust <Trond.Myklebust@netapp.com>,
NFS list <linux-nfs@vger.kernel.org>
Subject: Re: mount.nfs: access denied by server
Date: Tue, 25 Aug 2009 11:49:48 -0500 [thread overview]
Message-ID: <4A94162C.20904@sun.com> (raw)
In-Reply-To: <1EEDD90B-709F-4C78-97B4-6107AE100162@oracle.com>
Chuck Lever wrote:
>
> RFC 2623 suggests how the server should sort the returned flavor
> list. However I don't think there's a consistent algorithm the client
> can use with that list to determine a good default for that mount.
> So, I would argue that any client that uses the "first" or "last"
> entry in that list as the mount's auth flavor is probably broken; it
> should pick a sec= default for all mounts, and if it's not on the
> returned list, fail the mount. That is, incidentally, what the kernel
> MNT client does now.
>
The MOUNT Version 3 protocol, associated with NFS Version 3, solves
the problem by having the response to the MNT procedure include a
list of flavors in the MNT procedure. Note that because some NFS
servers will export file systems to specific lists of clients, with
different access (read-only versus read-write), and with different
security flavors, it is possible a client might get back multiple
security flavors in the list returned in the MNT response. The use of
one flavor instead of another might imply read-only instead of read-
write access, or perhaps some other degradation of access. For this
reason, a NFS client SHOULD use the first flavor in the list that it
supports, on the assumption that the best access is provided by the
first flavor. NFS servers that support the ability to export file
systems with multiple security flavors SHOULD either present the best
accessing flavor first to the client, or leave the order under the
control of the system administrator.
It sounds pretty clear, the server SHOULD order them in some fashion and
the client SHOULD
pick the first one it supports in the list. It is not 'MUST', but if all
servers and clients follow the same
algorithm, it becomes accepted practice.
Having said that, our nfssec(5) states that a client can pick any of the
modes in the list.
But our server returns them in the order entered in the share by the admin.
The client either:
1) Uses the explicit flavor set in the mount command.
or
2) Uses the first supported one in the list.
or
3) Fails the mount.
With OpenSolaris NFSv3, there is no autonegotiation. With NFSv4, we
support the autonegotiation
as defined in the protocol.
We just went through a regression with this algorithm.
next prev parent reply other threads:[~2009-08-25 16:49 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-20 7:13 mount.nfs: access denied by server Wu Fengguang
2009-08-20 7:19 ` Wu Fengguang
2009-08-20 13:02 ` Trond Myklebust
[not found] ` <1250773349.5352.23.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-21 1:27 ` Wu Fengguang
2009-08-21 1:27 ` Wu Fengguang
2009-08-21 2:36 ` Trond Myklebust
[not found] ` <1250822171.6514.29.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-21 17:50 ` Chuck Lever
2009-08-21 17:50 ` Chuck Lever
2009-08-22 1:48 ` Wu Fengguang
2009-08-21 18:16 ` Fwd: " Chuck Lever
2009-08-21 18:20 ` J. Bruce Fields
2009-08-21 20:20 ` Chuck Lever
2009-08-24 12:15 ` Fwd: " Steve Dickson
2009-08-21 18:24 ` J. Bruce Fields
2009-08-21 18:46 ` Chuck Lever
2009-08-21 20:04 ` J. Bruce Fields
2009-08-21 20:18 ` Tom Haynes
[not found] ` <4A8F0118.60705-xsfywfwIY+M@public.gmane.org>
2009-08-21 20:39 ` Peter Staubach
2009-08-21 20:59 ` J. Bruce Fields
2009-08-21 21:08 ` Trond Myklebust
[not found] ` <1250888892.5700.7.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-21 21:21 ` J. Bruce Fields
2009-08-21 20:36 ` Chuck Lever
2009-08-21 21:15 ` Trond Myklebust
[not found] ` <1250889345.5700.11.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-21 21:21 ` Tom Haynes
[not found] ` <4A8F0FCC.2080709-xsfywfwIY+M@public.gmane.org>
2009-08-21 21:25 ` Trond Myklebust
2009-08-21 21:30 ` J. Bruce Fields
2009-08-21 21:40 ` Trond Myklebust
[not found] ` <1250890836.5700.19.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-21 21:47 ` J. Bruce Fields
2009-08-21 21:51 ` Trond Myklebust
[not found] ` <1250891463.5700.21.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-24 16:10 ` J. Bruce Fields
2009-08-24 16:22 ` Chuck Lever
2009-08-24 17:06 ` Trond Myklebust
[not found] ` <1251133618.6325.262.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-24 17:41 ` J. Bruce Fields
2009-08-25 15:36 ` Chuck Lever
2009-08-25 16:49 ` Tom Haynes [this message]
[not found] ` <4A94162C.20904-xsfywfwIY+M@public.gmane.org>
2009-08-25 16:58 ` Trond Myklebust
[not found] ` <1251219492.25372.3.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-25 18:17 ` Tom Haynes
[not found] ` <4A942ACF.4030502-xsfywfwIY+M@public.gmane.org>
2009-08-25 18:39 ` Trond Myklebust
[not found] ` <1251225543.25372.22.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-25 18:43 ` Trond Myklebust
[not found] ` <1251225797.25372.25.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-25 22:17 ` Tom Haynes
[not found] ` <4A9462E4.5020404-xsfywfwIY+M@public.gmane.org>
2009-08-25 23:20 ` Trond Myklebust
[not found] ` <1251242416.5403.3.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-25 23:37 ` [nfs-discuss] " Nicolas Williams
[not found] ` <20090825233758.GZ1033-UdXhSnd/wVw@public.gmane.org>
2009-08-26 0:21 ` Trond Myklebust
[not found] ` <1251246105.5403.12.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-08-26 21:03 ` Nicolas Williams
2009-08-25 17:40 ` Chuck Lever
2009-08-25 18:02 ` Tom Haynes
2009-08-25 18:10 ` J. Bruce Fields
2009-08-25 19:05 ` Chuck Lever
2009-08-21 22:21 ` Chuck Lever
2009-08-21 21:41 ` Chuck Lever
2009-08-21 19:07 ` Thomas Haynes
[not found] ` <760BE185-BE57-42C2-817C-6776B5B66667-xsfywfwIY+M@public.gmane.org>
2009-08-21 19:22 ` Chuck Lever
2009-08-21 19:40 ` Tom Haynes
[not found] ` <4A8EF847.8030500-xsfywfwIY+M@public.gmane.org>
2009-08-21 20:04 ` Chuck Lever
2009-08-21 20:41 ` Peter Staubach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A94162C.20904@sun.com \
--to=thomas.haynes-udxhsnd/wvw@public.gmane.org \
--cc=Chuck.Lever@oracle.com \
--cc=Trond.Myklebust@netapp.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.