tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]


The higher versions of the protocol prefer sites to avoid AUTH_SYS.
For discussion, see here

Independent of the auth type, an NFS server could use ordinary methods to 
associate groups whatever user is selected for a given operation.  Ganesha is
moving in this direction.

The newest work in the NFS protocol in this area is about embedding 
in the protocol through GSS extension, and multiple authentication domains 
That's not very far along, I don't think.


----- "Mouse" <mouse%Rodents-Montreal.ORG@localhost> wrote:

> >> Of course.  But will it do what you want?
> > I don't understand your concerns.
> Well, I'm just not sure that simply recompiling with a higher
> NGROUPS/NGROUPS_MAX will actually have the effect you want.
> > My intention was to let the NFS client run the modified kernel with
> a
> > raised group limit.  Then, the process in question will be a member
> > of more than 16 secondary groups which will enable it to access
> files
> > readable for these groups, be it on NFS or not.  Where is the NFS
> > server involved?  Enforcing access limits is the client's business,
> > isn't it?
> Not entirely, I think.  I haven't looked at recent versions of NFS,
> so
> perhaps this is out of date, but, back when I was mucking about with
> the NFS wire protocol, an NFS client process's secondary group list
> appeared on the wire, and there was a relatively small hard maximum
> on
> it - 16 sounds about right.
> Perhaps I'm misremembering, though I don't think so.  Or perhaps this
> has been fixed in recent versions of the protocol, or perhaps it
> applies only to certain operations you don't care about or something.
> But it's something I'd suggest you be prepared to see trouble from,
> even if perhaps not _expect_ trouble from.
> /~\ The ASCII                           Mouse
> \ / Ribbon Campaign
>  X  Against HTML    
> / \ Email!         7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI  48104

tel.  734-761-4689 
fax.  734-769-8938 
cel.  734-216-5309 

Home | Main Index | Thread Index | Old Index