Re: [PATCH] nfs-utils: Handle authentication flavour order properly

Linux NFS development
 help / color / mirror / Atom feed

From: Peter Staubach <staubach@redhat.com>
To: bc Wong <bcwalrus@gmail.com>
Cc: Chuck Lever <chuck.lever@oracle.com>,
	trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfs-utils: Handle authentication flavour order properly
Date: Fri, 07 Mar 2008 15:28:15 -0500	[thread overview]
Message-ID: <47D1A55F.5030200@redhat.com> (raw)
In-Reply-To: <f88853200803071138n58d16ca6t4f4410d587141141-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

bc Wong wrote:
> On Fri, Mar 7, 2008 at 11:10 AM, Peter Staubach <staubach@redhat.com> wrote:
>   
>> bc Wong wrote:
>>  > On Fri, Mar 7, 2008 at 10:29 AM, Peter Staubach <staubach@redhat.com> wrote:
>>  >
>>  >>  Actually, NFS servers that support AUTH_NONE, map the uid and gid to the
>>  >>  anonymous uid and gids for access to file systems which are exported
>>  >>  AUTH_NONE.  It doesn't seem to matter what authentication flavor that
>>  >>  the client uses.
>>  >>
>>  >>        ps
>>  >>
>>  >
>>  > Hi Peter,
>>  >
>>  > My concern is that a server supports both AUTH_SYS and AUTH_NONE,
>>  > where AUTH_SYS would give you the regular access, and AUTH_NONE
>>  > would give the anon access as you described, which is typically a
>>  > degraded read-only view. Therefore it's bad for the client to choose
>>  > AUTH_NONE in this case, especially since the server presents
>>  > AUTH_SYS *before* AUTH_NONE.
>>  >
>>  > I'll test more with AUTH_NONE on Solaris. Is there any specific setup
>>  > you'd like me to verify?
>>
>>  Do you know of any client NFS implementations that can actually generate
>>  requests with AUTH_NONE as the authentication flavor?  Which server
>>  implementation supports the mode that you described?
>>     
>
> Hi Peter,
>
> Linux does that. 2.6.22. The reason I submitted this patch is that I ran
> into this bug. My server advertises (AUTH_SYS, AUTH_NONE), with
> AUTH_NONE giving degraded access. The older clients are ok, since
> mount.nfs enforces the AUTH_SYS default. Then a new client (2.6.22)
> came in and I went scratching my head why it's using AUTH_NONE.
>
>   

Well, so it does.  Sorry, when that patch was developed, the client 
would not
generate an AUTH_NONE request and could not handle servers which 
exported using
only AUTH_NONE.

It would be good to ensure that they continue to work.

    Thanx...

       ps

> Cheers,
> bc
>
>   
>>  As far as I know, all servers, which support exporting with AUTH_NONE,
>>  always map the incoming uid and gid(s) to the anonymous uid and gid when
>>  they process the request for a file system which is exported with AUTH_NONE.
>>  It doesn't seem to matter what the incoming authentication flavor was.
>>
>>     Thanx...
>>
>>        ps
>>
>>

next prev parent reply	other threads:[~2008-03-07 20:28 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-07  3:08 [PATCH] nfs-utils: Handle authentication flavour order properly bc Wong
     [not found] ` <f88853200803061908y497164bdpdff7b9109567d8c0-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 16:16   ` Chuck Lever
2008-03-07 18:11     ` bc Wong
     [not found]       ` <f88853200803071011j3a70b0abka9142396d3275b10-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 18:27         ` Peter Staubach
2008-03-07 18:29         ` Peter Staubach
2008-03-07 18:59           ` bc Wong
     [not found]             ` <f88853200803071059yf523114wcabb12fdeee7b8d6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 19:10               ` Peter Staubach
2008-03-07 19:38                 ` bc Wong
     [not found]                   ` <f88853200803071138n58d16ca6t4f4410d587141141-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-03-07 20:28                     ` Peter Staubach [this message]
2008-03-11 19:28                       ` bc Wong

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47D1A55F.5030200@redhat.com \
    --to=staubach@redhat.com \
    --cc=bcwalrus@gmail.com \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox