public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
From: Peter Staubach <staubach@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Chuck Lever <chuck.lever@oracle.com>,
	trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] NFS: Change default behavior when "sec=" is not	specified by user
Date: Tue, 01 Sep 2009 15:24:06 -0400	[thread overview]
Message-ID: <4A9D74D6.7000608@redhat.com> (raw)
In-Reply-To: <20090901191652.GD27726@fieldses.org>

J. Bruce Fields wrote:
> On Tue, Sep 01, 2009 at 02:52:44PM -0400, Peter Staubach wrote:
>> J. Bruce Fields wrote:
>>> On Tue, Sep 01, 2009 at 02:33:50PM -0400, Peter Staubach wrote:
>>>> Some servers will accept any flavor of incoming RPC security
>>>> and just use AUTH_NULL in this situation.  It really shouldn't
>>>> matter what the client sends, as long as the server is just
>>>> going to map all requests to nobody/nobody anyway...
>>> OK, but let's not pile on more workarounds than we have to.  I don't see
>>> any reason that we really need to do anything special for servers that
>>> are broken in *that* particular way....
>>>
>> I don't think that that is considered to be broken, by the way.
> 
> OK, maybe not.
> 
>> I am not sure whether it still works this way, but I know that
>> Solaris used to work this way, at the very least.
>>
>> Since I clearly haven't looked, but why would the Linux NFS
>> server care which flavor that it got sent, if the export is
>> configured to map all requests to nobody/nobody?
> 
> I can think of any number of reasons, but on the client side I don't see
> any great advantage to taking "auth_null" to mean "use anything you
> want": it's another special case, it's undocumented and will only work
> on some servers, and if it's really what the administrator wants, it
> should be easy to fix the server to advertise everything while still
> doing the id-squashing.
> 

I don't understand this last.  Why would the server bother to
advertise the various flavors if they are all going to treated
as if they were AUTH_NONE?  It would seem to violate expectations
that clients may have, that they issued authentic and verifiable
requests, only to be treated as if they were not?

Just out of curiosity, any number of reasons?  :-)

This all seems like a lot of conversation and work just to try
to figure out how to accommodate a configuration which has
already indicated that it will ignore any incoming authentication
information.  I would suggest that we take the easy and obvious
way of sending AUTH_UNIX to such systems and if we find one that
really insists upon receiving AUTH_NONE from the client, then
we fix the client.  Many clients can't even generate AUTH_NONE,
by the way...

		ps

		ps

  reply	other threads:[~2009-09-01 19:24 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-01 14:31 [PATCH] NFS: Change default behavior when "sec=" is not specified by user Chuck Lever
     [not found] ` <20090901143012.3978.11441.stgit-RytpoXr2tKZ9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2009-09-01 15:05   ` J. Bruce Fields
2009-09-01 15:10     ` Chuck Lever
2009-09-01 15:18       ` J. Bruce Fields
2009-09-01 15:52         ` Chuck Lever
2009-09-01 16:09           ` J. Bruce Fields
2009-09-01 16:29             ` Chuck Lever
2009-09-01 16:38               ` J. Bruce Fields
2009-09-01 18:07                 ` Chuck Lever
2009-09-01 18:21                   ` J. Bruce Fields
2009-09-01 18:25                   ` Trond Myklebust
     [not found]                     ` <1251829540.18608.31.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:28                       ` Trond Myklebust
     [not found]                         ` <1251829737.18608.34.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:35                           ` Trond Myklebust
2009-09-01 18:58                       ` Chuck Lever
2009-09-01 19:31                         ` Trond Myklebust
     [not found]                           ` <1251833479.18608.69.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 19:33                             ` Trond Myklebust
2009-09-01 20:10                             ` Chuck Lever
2009-09-01 20:15                               ` J. Bruce Fields
2009-09-01 20:31                                 ` Chuck Lever
2009-09-01 21:22                                   ` Trond Myklebust
     [not found]                                     ` <1251840160.8463.20.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-02 14:16                                       ` Chuck Lever
2009-09-01 18:33                   ` Peter Staubach
2009-09-01 18:50                     ` J. Bruce Fields
2009-09-01 18:52                       ` Peter Staubach
2009-09-01 19:16                         ` J. Bruce Fields
2009-09-01 19:24                           ` Peter Staubach [this message]
2009-09-01 20:05                             ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4A9D74D6.7000608@redhat.com \
    --to=staubach@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox