Re: NFS3+KRB5 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 01, 2008 at 02:36:44PM +0200, Quentin Godfroy wrote:
> AFAICS I experience the same behavior[#]. Wile mounting a fs with
> sec=krb5i:krb5p,rw,sec=sys,ro works, disabling the sec=sys option returns an
> EACCES to the mount syscall (for binary mount as well as text based mount).
> And of course the rest is working correctly, I indeed have write enabled if
> with krb5i.
> 
> Looks like the client does a FSINFO call with AUTH_UNIX credentials instead
> of using machine credentials, which is rejected by the server.

By the way, I would like to know why does this call is rejected at the NFS
layer with a NFS3ERR_ACCES instead of being rejected at the RPC layer with
AUTH_TOOWEAK in a rejected_reply struct ? I would expect more an
NFS3ERR_ACCES when the filehandle is outside an export (with
subtree_checking enabled) or when the client is not in the list of exported
filesystems. 

Maybe the answer is that the RPC layer has large parts of it which are
unadequate with current needs and that either the server does not answer at
all (and close the underlying connection) or returns accepted_reply structures
with SUCCESS and delegate error management to the upper level.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux