Re: Security negotiation

On Fri, 2009-07-10 at 17:38 -0500, Tom Haynes wrote:
> Chuck Lever wrote:
> > On Jul 10, 2009, at 4:55 PM, Tom Haynes wrote:
> >
> >> The second option would push AUTH_NONE to the end of the list, which
> >> corresponds to my thinking of it as a wild card.
> >
> > The problem with the server's auth list is that it is a list of _all_ 
> > flavors that the server supports.  
> 
> For us it is a list of flavors supported on that export.
> 
> Our default export is basically sec=sys,rw.
> 
> To get all of the flavors, the admin would have to configure them in.
> 
> >
> > I was wondering when a server would not want to order the flavor list 
> > by strongest to weakest.  We have the use case of the kerberos 5 
> > pseudoflavors:  clients should probably use krb5 over krb5p by 
> > default, as this provides good security without a lot of performance 
> > overhead.  But krb5p is stronger security than krb5.
> 
> When they have different access lists.
> 
> If they have the same access lists, then the server is free to order them...
> 
> share -F nfs -o sec=sys:none:krb5,rw /foo
> share -F nfs -o sec=sys,ro,sec=krb5p,rw,root=@xxxxxxxxxxx,sec=krb5,rw /bar
> 
> In the first, we don't care how the server presents them. In the second, 
> the list would be: sys krb5p krb5.

Meaning that the client defaults to read-only access?

Trond
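
Added example, not part of the original message or of any NFS implementation: a small Python model of the two `share` lines quoted above, showing why a flavor list ordered `sys krb5p krb5` leaves a client with read-only access if it takes the first listed flavor it supports. The first-match client policy, the strength ranking and the function names are assumptions made for illustration.

```python
# Illustrative model only; the function names and the client policy are assumed.

# The two export option strings quoted in the thread, copied as posted.
FOO = "sec=sys:none:krb5,rw"
BAR = "sec=sys,ro,sec=krb5p,rw,root=@xxxxxxxxxxx,sec=krb5,rw"

# Assumed ranking, strongest first, limited to flavors named in the thread.
STRENGTH = ["krb5p", "krb5", "sys", "none"]


def parse_share_options(opts):
    """Return [(flavor, access), ...] in the order the export lists them.

    Each sec= starts a new group of colon-separated flavors; an ro or rw
    that follows applies to every flavor in that group.
    """
    groups = []  # each entry: [list of flavors, access]
    for opt in opts.split(","):
        if opt.startswith("sec="):
            groups.append([opt[len("sec="):].split(":"), None])
        elif opt in ("ro", "rw") and groups:
            groups[-1][1] = opt
        # Other options (such as root=...) do not change this model.
    return [(f, access) for flavors, access in groups for f in flavors]


def client_pick(server_list, client_supported):
    """Assumed policy: use the first server-listed flavor the client supports."""
    for flavor, access in server_list:
        if flavor in client_supported:
            return flavor, access
    return None


def strongest_first(server_list):
    """Reorder the server list by the assumed STRENGTH ranking."""
    return sorted(server_list, key=lambda fa: STRENGTH.index(fa[0]))


if __name__ == "__main__":
    client = {"sys", "krb5", "krb5p"}
    as_listed = parse_share_options(BAR)
    print("as listed:      ", as_listed, "->", client_pick(as_listed, client))
    ranked = strongest_first(as_listed)
    print("strongest first:", ranked, "->", client_pick(ranked, client))
```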
