On Tue, Apr 01, 2008 at 04:56:29PM -0400, J. Bruce Fields wrote: > > AFAICS I experience the same behavior[#]. Wile mounting a fs with > > sec=krb5i:krb5p,rw,sec=sys,ro works, disabling the sec=sys option returns an > > EACCES to the mount syscall (for binary mount as well as text based mount). > > And of course the rest is working correctly, I indeed have write enabled if > > with krb5i. > > > > Looks like the client does a FSINFO call with AUTH_UNIX credentials instead > > of using machine credentials, which is rejected by the server. > > The client here is within its rights, and the server is wrong; see: > > http://www.ietf.org/rfc/rfc2623.txt > > (especially 2.3.2, "NFS Procedures Used at Mount Time"). The kernel > changes on the server side should not be too difficult after the export > changes we made a few versions ago. The server is indeed wrong to reject the fsinfo call with only AUTH_SYS credentials (and the rfc does not mandate it to accept it as far as i can see), but the client could wait a session for machine credentials before doing the call, since administrative credentials are available. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
