On Tue, 2009-08-25 at 17:17 -0500, Tom Haynes wrote: > Trond Myklebust wrote: > >> Should it recover in the case where the administrator suddenly removes > >> krb5 from the list, and replaces it with krb5i on all subdirectories > >> of ../../.. relative to your current working directory? > >> > > > > Sorry. Let me be more specific... > > > > Say you have > > > > /foo sec=krb5,rw > > > > and the administrator adds a new rule > > > > /foo/bar sec=krb5i,rw > > > > Will your autonegotiator be able to recover processes that are working > > in /foo/bar/... without disturbing those working in /foo/baz/... ? > > > > > > > I'll let someone who knows the client give the real response, but > consider two > threads, one in /foo/baz and one in /foo/bar. > > The one in /foo/baz will never get a WRONGSEC. > > The one in /foo/bar may never get one either - depending on the server > implementation. > i.e., the server has probably put the FSID in the FH. The client is > handing back > what is probably a non-volatile FH and the server has to honor it. And > the server > may have no clue that the FH is under a new mount point. > > What happens if the client redrives a LOOKUP of the directory entry? It > should > discover that the FHs no longer match and do some sort of recovery. I was thinking of the case in which /foo/bar is not actually a mount point. :-) If we all agree that the server can only remove security flavours when crossing a mount point, then all is well, however the protocol doesn't strictly speaking say that has to be the case. That worries me... -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
