On Thu, Jun 5, 2008 at 2:26 AM, Martin Schuster (IFKL IT OS DSM CD) <Martin.Schuster1@xxxxxxxxxxxx> wrote: > Thanks for your thoughts about this. > > Peter Staubach wrote: >> Is the real goal to be able to export the files using krb5 >> authentication or the use of NFSv4? >> > Both, I fear. > >> If the former, then why not just export the files from the >> NetApp using Kerberos? >> >> If the latter, then I suspect that it won't provide much, if >> any, benefit. It would still be limited to the NFSv3 semantics >> of the file system. >> > The current NFS4-support in NetApps OnTap is afaik quite new, > so our filer administrator doesn't want to enable it in the > near future; he prefers waiting until the issues that are likely > to come up are solved before allowing it on a productive machine. The NFSv4 server in OnTAP is several years old, actually. There were some problems with it in the 6.5 and 7.0 time frame, but if your filer is running a current OnTAP release (7.2.2, I think, is the most recent GD release) you should be fine. The "early adopter period" is long over for NFSv4 support in OnTAP. Mounting the filer directly will definitely be more secure (and perform better) than going through an NFSv3 gateway. I think Peter has covered most of the details already. > So my question still is: Is re-exporting an NFS-mount technically > impossible, or does it just need some coding to get it working? Aside from the fact that it is not advisable to do, I don't think it is technically possible on Linux with the kernel NFS server. NFS-exportable file systems must have special hooks to construct NFS file handles from on-disk inodes correctly, and I don't think the Linux NFS client provides those hooks. You might have better luck using the user-space NFS server on your gateway system, but it has plenty of known issues. -- Chuck Lever -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
