From: "J. Bruce Fields" <bfields@fieldses.org>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH v10 0/8] nfsd: overhaul the client name tracking code
Date: Tue, 27 Mar 2012 11:06:57 -0400 [thread overview]
Message-ID: <20120327150656.GB32055@fieldses.org> (raw)
In-Reply-To: <20120326200212.GD26254@fieldses.org>
On Mon, Mar 26, 2012 at 04:02:12PM -0400, J. Bruce Fields wrote:
> Having looked at it longer: first, I can't see how 4.1/krb5 callbacks
> ever really worked. That's a project for another day. (Soon, but
> probably not for 3.4.)
Bah, I'm stupid, I'd forgotten how 4.1 backchannel security works: the
client chooses which flavor(s) are acceptable in create_session (or the
mandatory but unimplemented backchannel_ct). The Linux client always
chooses auth_sys. We've never really paid much attention to the client.
Before we basically just used auth_sys no matter what. Now we're using
krb5 in the krb5 case. Both are wrong, but the latter also breaks in
practice against the Linux client.
I think I changed the behavior accidentally while overhauling the 4.1
server's callback and trunking behavior, probably with 80fc015bdfe
"nfsd4: use common rpc_cred for all callbacks".
I'll look into doing this a little more correctly....
--b.
prev parent reply other threads:[~2012-03-27 15:06 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-21 13:52 [PATCH v10 0/8] nfsd: overhaul the client name tracking code Jeff Layton
2012-03-21 13:52 ` [PATCH v10 1/8] nfsd: convert nfs4_client->cl_cb_flags to a generic flags field Jeff Layton
2012-03-21 20:41 ` J. Bruce Fields
2012-03-21 20:52 ` Jeff Layton
2012-03-21 21:05 ` J. Bruce Fields
2012-03-21 13:52 ` [PATCH v10 2/8] nfsd: add nfsd4_client_tracking_ops struct and a way to set it Jeff Layton
2012-03-21 20:42 ` [PATCH v11 " Jeff Layton
2012-03-21 23:59 ` [PATCH v10 " Jeff Layton
2012-03-21 13:52 ` [PATCH v10 3/8] sunrpc: create nfsd dir in rpc_pipefs Jeff Layton
2012-03-23 12:12 ` J. Bruce Fields
2012-03-23 13:31 ` J. Bruce Fields
2012-03-23 15:20 ` Myklebust, Trond
2012-03-23 15:22 ` J. Bruce Fields
2012-03-23 15:34 ` Myklebust, Trond
2012-03-23 15:53 ` Jeff Layton
2012-03-23 16:12 ` Jeff Layton
2012-03-23 17:04 ` J. Bruce Fields
2012-03-28 23:09 ` [PATCH] nfsd4: use auth_unix unconditionally on backchannel J. Bruce Fields
2012-03-28 23:16 ` Myklebust, Trond
2012-03-28 23:46 ` J. Bruce Fields
2012-03-29 14:29 ` Matt W. Benjamin
2012-03-29 14:29 ` Matt W. Benjamin
2012-03-29 14:48 ` J. Bruce Fields
2012-03-23 16:00 ` [PATCH v10 3/8] sunrpc: create nfsd dir in rpc_pipefs J. Bruce Fields
2012-03-21 13:52 ` [PATCH v10 4/8] nfsd: add a per-net-namespace struct for nfsd Jeff Layton
2012-03-21 13:52 ` [PATCH v10 5/8] nfsd: add a header describing upcall to nfsdcld Jeff Layton
2012-03-21 13:52 ` [PATCH v10 6/8] nfsd: add the infrastructure to handle the cld upcall Jeff Layton
2012-03-21 13:52 ` [PATCH v10 7/8] nfsd: add notifier to handle mount/unmount of rpc_pipefs sb Jeff Layton
2012-03-21 13:52 ` [PATCH v10 8/8] nfsd: don't allow legacy client tracker init for anything but init_net Jeff Layton
2012-03-23 17:06 ` [PATCH v10 0/8] nfsd: overhaul the client name tracking code J. Bruce Fields
2012-03-23 17:26 ` Jeff Layton
2012-03-26 20:02 ` J. Bruce Fields
2012-03-27 15:06 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120327150656.GB32055@fieldses.org \
--to=bfields@fieldses.org \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox