Andy Adamson wrote: > When a user with a Kerberos token of 2048 bytes or larger attempts to > access a filesystem mounted using Kerberized NFS, the NFS server locks up > for 30 seconds, and ultimately the call fails. Yes, this limitation has been known for a long time. We ran into this same issue using X.509 certs and spkm3. I imagine PKINIT will also hit this limitation. But shouldn't it fail right away instead of locking up for 30 seconds? Does the entire server lock up, or just that one rpc? Can a malicious client use this as a DOS? Does it require a valid ticket, or will any ticket >= 2048 do? -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
