From: "J. Bruce Fields" <bfields@fieldses.org>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Neil Brown <neilb@suse.de>, Steve Dickson <SteveD@redhat.com>,
Spelic <spelic@shiftmail.org>,
linux-nfs@vger.kernel.org
Subject: Re: NFSv4 behaviour on unknown users
Date: Wed, 1 Dec 2010 11:29:12 -0500 [thread overview]
Message-ID: <20101201162912.GC6832@fieldses.org> (raw)
In-Reply-To: <1291173002.7694.7.camel@heimdal.trondhjem.org>
On Tue, Nov 30, 2010 at 10:10:02PM -0500, Trond Myklebust wrote:
> On Wed, 2010-12-01 at 13:57 +1100, Neil Brown wrote:
> > I have a strong memory from about 7 years ago of Brian Pawlowski saying - or
> > possibly being quoted as saying - that the user information in NFS requests
> > (the stuff that idmapper handles) is totally independent of the RPC
> > authentication mechanism being used (the AUTH_SYS / RPCSEC_GSS stuff).
> >
> > I always thought that was nonsense, but I wasn't in a position to discuss it
> > at the time for reasons that I really don't recall.
> >
> > If users are being authorised using numbers (AUTH_SYS) then it only (to me)
> > makes sense to communication all identies as numbers.
> > And if users are being authenticated as name@domain strings, then it only
> > make sense to communicate all identities as name@domain.
> >
> > But this path is not the path for NFSv4 followed.
> >
> > I've very glad to see Linux NFS allowing numeric IDs "on the wire" and hope
> > to see this very sensible approach widely adopted (where AUTH_SYS is used).
> > I think it would be great if nfsd did the same thing completely in-kernel
> > without reference to idmapd. Accepting either numeric or domain-based is
> > trivial. Choosing which to send on a per-client basis might be a challenge,
> > but probably not a big one.
> >
> >
> > I wonder if Brian remembers saying anything like that...
>
> I think you need to take beepy's words in context here: as I believe I
> mentioned previously, RFC3530 (and its predecessor RFC3010) assumed
> everyone would be using principals for authenticating, either through
> RPCSEC_GSS w/ krb5, or through the SPKM/Lipkey mechanism. So sure was
> everyone of this, that AUTH_SYS isn't even mentioned as a valid
> authentication mechanism, and so nobody had to worry about the
> consequences of using it.
I also wonder whether the value of a transparent upgrade from NFSv3 got
a little lost.
To me that seems like the first requirement for version n+1 of
anything--that we should be able to upgrade people to version n without
their noticing.
Maybe there are features that are necessarily incompatible, and that
merit the downside, but the downside--losing the chance to get new
features to every user automatically--seems significant to me.
And, perhaps it's a disease, but I have gotten into the habit of
thinking of the (krb5 principal)->(id, gid's) mapping as independent of
the (NFSv4 user name)<->(uid) and (NFSv4 group name)<->(gid) mappings.
Granted they have to be coordinated on any reasonably complicated setup.
But there are simple cases where they don't necessarily need to be.
E.g. on a dumb "cp -ax / /nfs" backup it doesn't really matter "who"
does the backup as long as they have sufficient permissions, since the
files will all be explicitly chown'd as they're created. And with krb5
it's simple enough to make that work with a single static mapping from a
client-side principal to root on the server.
And, again, that's something that works now with NFSv3.
--b.
next prev parent reply other threads:[~2010-12-01 16:29 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-29 18:12 NFSv4 behaviour on unknown users Spelic
2010-11-29 18:22 ` Trond Myklebust
2010-11-29 18:38 ` Spelic
2010-11-29 19:01 ` J. Bruce Fields
2010-11-29 19:09 ` Trond Myklebust
2010-11-30 15:36 ` Steve Dickson
2010-11-30 22:19 ` Trond Myklebust
2010-11-30 22:26 ` J. Bruce Fields
2010-11-30 22:33 ` Trond Myklebust
2010-11-30 22:36 ` J. Bruce Fields
2010-11-30 22:47 ` Trond Myklebust
2010-12-01 2:57 ` Neil Brown
2010-12-01 3:10 ` Trond Myklebust
2010-12-01 3:23 ` Neil Brown
2010-12-01 16:29 ` J. Bruce Fields [this message]
2010-12-02 23:10 ` Thomas Haynes
2010-12-02 23:18 ` Trond Myklebust
2010-12-02 23:28 ` Spencer Shepler
2010-12-08 0:15 ` 'J. Bruce Fields'
2010-12-10 19:00 ` Thomas Haynes
2010-12-10 19:17 ` J. Bruce Fields
2010-11-29 22:09 ` Daniel.Muntz
2010-11-29 22:57 ` Spencer Shepler
2010-11-29 23:16 ` Trond Myklebust
2010-11-29 23:25 ` Spencer Shepler
2010-11-29 23:26 ` Trond Myklebust
2010-11-29 23:30 ` Spencer Shepler
2010-11-29 23:40 ` Trond Myklebust
2010-11-30 0:02 ` Spencer Shepler
2010-11-30 11:44 ` Spelic
2010-11-30 13:04 ` Trond Myklebust
2010-11-30 15:48 ` Boaz Harrosh
2010-11-29 23:34 ` Daniel.Muntz
2010-11-29 23:36 ` Spencer Shepler
-- strict thread matches above, loose matches on Subject: below --
2010-11-29 17:32 Spelic
2010-11-29 19:50 ` Simon Kirby
2010-11-29 22:47 ` Spelic
2010-11-30 15:20 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101201162912.GC6832@fieldses.org \
--to=bfields@fieldses.org \
--cc=SteveD@redhat.com \
--cc=Trond.Myklebust@netapp.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=spelic@shiftmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).