Re: Security negotiation

Chuck Lever wrote:
> On Jul 10, 2009, at 4:55 PM, Tom Haynes wrote:
>
>> The second option would push AUTH_NONE to the end of the list, which
>> corresponds to my thinking of it as a wild card.
>
> The problem with the server's auth list is that it is a list of _all_ flavors that the server supports.

For us it is a list of flavors supported on that export.

Our default export is basically sec=sys,rw.

To get all of the flavors, the admin would have to configure them in.

> I was wondering when a server would not want to order the flavor list by strongest to weakest. We have the use case of the Kerberos 5 pseudoflavors: clients should probably use krb5 over krb5p by default, as this provides good security without a lot of performance overhead. But krb5p is stronger security than krb5.

When they have different access lists.

If they have the same access lists, then the server is free to order them...

share -F nfs -o sec=sys:none:krb5,rw /foo
share -F nfs -o sec=sys,ro,sec=krb5p,rw,root=@xxxxxxxxxxx,sec=krb5,rw /bar

In the first, we don't care how the server presents them. In the second, the list would be: sys krb5p krb5.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
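
The per-export flavor list described in the message above, as an added example that is not part of the original post and is not Solaris or Linux NFS code. The function names are hypothetical. It assumes that access options following a sec= clause apply to the flavors named in that clause, and that options given before any sec= clause belong to sys, in line with the default export mentioned in the message.

```python
def parse_share_options(opts):
    """Split a share -o option string into (flavor, access options) pairs,
    keeping the order in which the admin configured the flavors."""
    groups = []  # each entry: (list of flavors, list of access options)
    for token in opts.split(","):
        token = token.strip()
        if not token:
            continue
        if token.startswith("sec="):
            # sec=a:b:c names several flavors that share one access list
            flavors = [f for f in token[len("sec="):].split(":") if f]
            groups.append((flavors, []))
        else:
            if not groups:
                # Assumption: options before any sec= clause apply to sys
                groups.append((["sys"], []))
            groups[-1][1].append(token)

    pairs, seen = [], set()
    for flavors, access in groups:
        for flavor in flavors:
            if flavor not in seen:  # first mention of a flavor wins
                seen.add(flavor)
                pairs.append((flavor, frozenset(access)))
    return pairs


def flavor_list(opts):
    """Flavors for this export, in configured order."""
    return [flavor for flavor, _ in parse_share_options(opts)]


def free_to_reorder(opts):
    """True when every flavor has the same access list, so the order in
    which the server presents them does not change what a client gets."""
    return len({access for _, access in parse_share_options(opts)}) <= 1


if __name__ == "__main__":
    # Option strings taken from the two share commands in the message
    for opts in ("sec=sys:none:krb5,rw",
                 "sec=sys,ro,sec=krb5p,rw,root=@xxxxxxxxxxx,sec=krb5,rw"):
        print(flavor_list(opts), "free to reorder:", free_to_reorder(opts))
```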
