Re: mount.nfs: access denied by server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 21, 2009 at 04:39:53PM -0400, Peter Staubach wrote:
> Tom Haynes wrote:
> > J. Bruce Fields wrote:
> >>
> >>> Right now, we use AUTH_SYS if the mount command didn't specify a
> >>> flavor, but the flavor we're going to use is always checked against
> >>> the server's returned list.  You seem to be suggesting we should
> >>> ignore the server's list entirely if sec= was specified...?
> >>>     
> >>
> >> Yes.  I can't see what practical problems that would cause.
> >>
> 
> Here, I am going to disagree.  The client should compare the
> flavor specified with the list of authentication flavors
> returned by the server and if the specific flavor isn't on
> the list, then the mount attempt should be failed.

Why?  What can go wrong if you just try the flavor?

Ugh: to answer my own question: ok, if the server allows auth_sys for
the NFS operations required on mount (as suggested by the security
considerations rfc), then that would mean mount would always succeed,
and nobody would see the error until the first operation on the
filesystem.  It would be better to return the error on mount.

So, I think I have to give in and agree with you.  People will just have
to upgrade their mountd's....

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux