From: Tom Haynes <Thomas.Haynes-UdXhSnd/wVw@public.gmane.org>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: NFS list <linux-nfs@vger.kernel.org>,
	nfs-discuss-xZgeD5Kw2fzokhkdeNNY6A@public.gmane.org
Subject: Re: mount.nfs: access denied by server
Date: Tue, 25 Aug 2009 17:17:08 -0500
Message-ID: <4A9462E4.5020404@sun.com>
In-Reply-To: <1251225797.25372.25.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>

Trond Myklebust wrote:
> On Tue, 2009-08-25 at 14:39 -0400, Trond Myklebust wrote:
>> On Tue, 2009-08-25 at 13:17 -0500, Tom Haynes wrote:
>>> Trond Myklebust wrote:
>>>> On Tue, 2009-08-25 at 11:49 -0500, Tom Haynes wrote:
>>>>> With OpenSolaris NFSv3, there is no autonegotiation.  With NFSv4, we
>>>>> support the autonegotiation as defined in the protocol.
>>>>>
>>>>> We just went through a regression with this algorithm.
>>>>
>>>> NFSv4 also allows the server to change the list of supported security
>>>> flavours on the fly at any point in the namespace, and at any time. How
>>>> does OpenSolaris currently deal with this?
>>>
>>> The client gets a WRONGSEC and then initiates auto-negotiation.
>>
>> Right, but are there any limits to that?
>>
>> Will it, for instance, allow process 1 to continue using auth_sys, while
>> process 2 switches to using krb5 on the same file?

From *reading* the code, I think process 1 is fat, dumb, and happy until it
tries an action which generates a WRONGSEC. At that point it will have to
negotiate.


>> Should it recover in the case where the administrator suddenly removes
>> krb5 from the list, and replaces it with krb5i on all subdirectories
>> of ../../.. relative to your current working directory?
>>     
>
> Sorry. Let me be more specific...
>
> Say you have
>
> /foo sec=krb5,rw
>
> and the administrator adds a new rule
>
> /foo/bar sec=krb5i,rw
>
> Will your autonegotiator be able to recover processes that are working
> in /foo/bar/... without disturbing those working in /foo/baz/... ?
>
>   


I'll let someone who knows the client give the real response, but consider
two threads, one in /foo/baz and one in /foo/bar.

The one in /foo/baz will never get a WRONGSEC.

The one in /foo/bar may never get one either - depending on the server
implementation. I.e., the server has probably put the FSID in the FH. The
client is handing back what is probably a non-volatile FH and the server has
to honor it. And the server may have no clue that the FH is under a new
mount point.

What happens if the client redrives a LOOKUP of the directory entry? It
should discover that the FHs no longer match and do some sort of recovery.

> Cheers
>   Trond
>
>   


Sounds like a great thing to test at the next BAT. :->
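
The /foo and /foo/bar scenario discussed in this message, as a toy model added here (it is not part of the original e-mail and is not OpenSolaris or Linux code). The names `Server`, `Client`, `scenario` and `recheck_policy` are hypothetical, filehandles are plain strings, and the SECINFO query is modelled as a direct rule lookup; the model only contrasts a server that re-evaluates export rules on every request with one that honours what it decided when the filehandle was issued.

```python
# Toy model of the /foo vs. /foo/bar scenario (constructed; not real NFS code).
OK, WRONGSEC = "NFS4_OK", "NFS4ERR_WRONGSEC"
class Server:
    def __init__(self, rules, recheck_policy):
        self.rules = dict(rules)        # export path -> allowed flavours
        self.recheck = recheck_policy   # re-evaluate rules on every request?
        self.cached = {}                # filehandle -> flavours seen at LOOKUP

    def flavours(self, path):
        # Longest matching export rule wins, compared on whole path components.
        hits = [p for p in self.rules if path == p or path.startswith(p + "/")]
        return self.rules[max(hits, key=len)]

    def lookup(self, path, flavour):
        if flavour not in self.flavours(path):
            return WRONGSEC, None
        fh = "fh:" + path               # stands in for an opaque filehandle
        self.cached[fh] = self.flavours(path)
        return OK, fh

    def access(self, fh, flavour):
        allowed = self.flavours(fh[3:]) if self.recheck else self.cached[fh]
        return OK if flavour in allowed else WRONGSEC

class Client:
    def __init__(self, server, supported):
        self.server, self.supported = server, supported
        self.flavour, self.renegotiations = {}, 0

    def open(self, path, flavour):
        fh = self.server.lookup(path, flavour)[1]
        self.flavour[fh] = flavour
        return fh

    def op(self, fh):
        status = self.server.access(fh, self.flavour[fh])
        if status == WRONGSEC:          # renegotiate for this filehandle only
            offered = self.server.flavours(fh[3:])   # SECINFO stand-in
            self.flavour[fh] = next(f for f in self.supported if f in offered)
            self.renegotiations += 1
            status = self.server.access(fh, self.flavour[fh])
        return status

def scenario(recheck_policy):
    srv = Server({"/foo": ["krb5"]}, recheck_policy)
    cli = Client(srv, ["krb5", "krb5i"])
    bar, baz = cli.open("/foo/bar/f", "krb5"), cli.open("/foo/baz/f", "krb5")
    srv.rules["/foo/bar"] = ["krb5i"]   # administrator adds the new rule
    return (cli.op(bar), cli.op(baz)), cli.flavour[bar], cli.flavour[baz], cli.renegotiations
```

With `recheck_policy=False` the handle under /foo/bar keeps working with krb5 after the rule change, which is the policy gap worth checking for when a server trusts filehandles issued before an export rule was tightened.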



