Question: why only 8 security flavors per export??

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

* Question: why only 8 security flavors per export??
@ 2009-12-04 16:11 Steve Dickson
       [not found] ` <4B1934A7.90801-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Steve Dickson @ 2009-12-04 16:11 UTC (permalink / raw)
  To: Linux NFS Mailing list

Hello,

Why are only 8 (SECFLAVOR_COUNT) security flavors allow 
per export when 13 security flavors are supported 
(see flav_map[] in  nfs/exports.c)? 
  
I'm trying to create an export that supports all possible
security flavors and its erroring out with "mountd: more than 
8 security flavors on an export"

steved.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Question: why only 8 security flavors per export??
       [not found] ` <4B1934A7.90801-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
@ 2009-12-04 17:08   ` Andy Adamson
  2009-12-04 18:10     ` J. Bruce Fields
  2009-12-04 18:30     ` Steve Dickson
  0 siblings, 2 replies; 4+ messages in thread
From: Andy Adamson @ 2009-12-04 17:08 UTC (permalink / raw)
  To: Steve Dickson; +Cc: Linux NFS Mailing list



> Hello,
>
> Why are only 8 (SECFLAVOR_COUNT) security flavors allow
> per export when 13 security flavors are supported
> (see flav_map[] in  nfs/exports.c)?
>
> I'm trying to create an export that supports all possible
> security flavors and its erroring out with "mountd: more than
> 8 security flavors on an export"

SPKM3 drafts have expired, and the LIPKEY RFC is based on SPKM3 and  
was never implemented. The SPKM3 implementation was used for  
experimentation, but never in production anywhere and should probably  
be removed from the kernel. So in reality, the list of all possible  
security flavors is:

AUTH_NONE, AUTH_NULL, AUTH_SYS, AUTH_UNIX, krb5, krb5i and krb5p.

-->Andy
>
> steved.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs"  
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Question: why only 8 security flavors per export??
  2009-12-04 17:08   ` Andy Adamson
@ 2009-12-04 18:10     ` J. Bruce Fields
  2009-12-04 18:30     ` Steve Dickson
  1 sibling, 0 replies; 4+ messages in thread
From: J. Bruce Fields @ 2009-12-04 18:10 UTC (permalink / raw)
  To: Andy Adamson; +Cc: Steve Dickson, Linux NFS Mailing list

On Fri, Dec 04, 2009 at 12:08:30PM -0500, Andy Adamson wrote:
>
>
>> Hello,
>>
>> Why are only 8 (SECFLAVOR_COUNT) security flavors allow
>> per export when 13 security flavors are supported
>> (see flav_map[] in  nfs/exports.c)?
>>
>> I'm trying to create an export that supports all possible
>> security flavors and its erroring out with "mountd: more than
>> 8 security flavors on an export"
>
> SPKM3 drafts have expired, and the LIPKEY RFC is based on SPKM3 and was 
> never implemented. The SPKM3 implementation was used for  
> experimentation, but never in production anywhere and should probably be 
> removed from the kernel. So in reality, the list of all possible  
> security flavors is:
>
> AUTH_NONE, AUTH_NULL, AUTH_SYS, AUTH_UNIX, krb5, krb5i and krb5p.

Yeah.  Until there's some practical use for more than 8 simultaneous
flavors, I don't think we care about this limit.

--b.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Question: why only 8 security flavors per export??
  2009-12-04 17:08   ` Andy Adamson
  2009-12-04 18:10     ` J. Bruce Fields
@ 2009-12-04 18:30     ` Steve Dickson
  1 sibling, 0 replies; 4+ messages in thread
From: Steve Dickson @ 2009-12-04 18:30 UTC (permalink / raw)
  To: Andy Adamson; +Cc: Linux NFS Mailing list



On 12/04/2009 12:08 PM, Andy Adamson wrote:
> 
> 
>> Hello,
>>
>> Why are only 8 (SECFLAVOR_COUNT) security flavors allow
>> per export when 13 security flavors are supported
>> (see flav_map[] in  nfs/exports.c)?
>>
>> I'm trying to create an export that supports all possible
>> security flavors and its erroring out with "mountd: more than
>> 8 security flavors on an export"
> 
> SPKM3 drafts have expired, and the LIPKEY RFC is based on SPKM3 and was
> never implemented. The SPKM3 implementation was used for
> experimentation, but never in production anywhere and should probably be
> removed from the kernel. So in reality, the list of all possible
> security flavors is:
> 
> AUTH_NONE, AUTH_NULL, AUTH_SYS, AUTH_UNIX, krb5, krb5i and krb5p.
> 
Ok... thanks... 

steved.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2009-12-04 18:30 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-12-04 16:11 Question: why only 8 security flavors per export?? Steve Dickson
     [not found] ` <4B1934A7.90801-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2009-12-04 17:08   ` Andy Adamson
2009-12-04 18:10     ` J. Bruce Fields
2009-12-04 18:30     ` Steve Dickson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox