Re: [PATCH v2 0/4] Allow the admin to turn off NFSv4 uid/gid mapping

On Tue, 2010-11-30 at 14:24 -0500, J. Bruce Fields wrote:
> On Tue, Nov 30, 2010 at 08:33:59AM -0500, Trond Myklebust wrote:
> > The following patches allow the admin to turn off NFSv4 uid/gid mapping
> > if mounting using AUTH_SYS security.
> 
> Maybe that should be "when a mountpoint allows only AUTH_SYS security"?
> 
> (Once we start allowing auth_flavor_len > 1, presumably we don't want to
> change mappings depending on which flavor an individual getattr used!)

> Also, maybe it's right, but I'm a little weirded out by the dependency
> on the auth flavor.

The reason for wanting to restrict this to AUTH_SYS is that the latter
authenticates us using the uid/gid rather than a principal. In that case
(and only in that case), it makes sense to add the assumption that there
is an identity mapping between uids and gids on the client and server,
and that we should make use of that identity mapping.

In the case where auth_flavor_len > 1 (if ever we implement that), I
think we should in fact change mappings depending on the flavour
actually used for the RPC call. The reason is that principals may
authenticate to completely different users/groups on the server, even if
the above identity map between uids and gids exists.

Cheers
  Trond
-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
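
An added illustration, not part of the original message or the patch series: a toy model of why the choice between name-based and numeric owner mapping follows the auth flavor. The account tables, domain and function names are constructed, and it assumes that with mapping turned off the owner attribute carries the uid as a numeric string.

```python
# Toy model (added example): constructed accounts where uids do NOT line up by name.
CLIENT = {"alice": 1000, "bob": 1001}   # constructed client passwd table
SERVER = {"alice": 2000, "bob": 1000}   # constructed server passwd table
DOMAIN = "example.org"                  # constructed idmap domain
NOBODY = 65534

def name_of(table, uid):
    """Reverse lookup: uid -> account name, or None."""
    return next((n for n, u in table.items() if u == uid), None)

def server_uid(flavor, client_uid):
    """Uid the server acts as for an RPC issued by client_uid."""
    if flavor == "AUTH_SYS":
        return client_uid                      # credential is the raw uid
    # RPCSEC_GSS: credential is a principal, resolved by name on the server
    return SERVER[name_of(CLIENT, client_uid)]

def owner_on_wire(uid, numeric):
    """Owner attribute the server returns for a file owned by uid."""
    return str(uid) if numeric else f"{name_of(SERVER, uid)}@{DOMAIN}"

def client_sees(owner):
    """Uid the client shows for an owner attribute string."""
    if owner.isdigit():
        return int(owner)
    name, _, dom = owner.partition("@")
    return CLIENT.get(name, NOBODY) if dom == DOMAIN else NOBODY

def create_then_getattr(flavor, client_uid, numeric):
    """Owner uid the creating user sees on a file they just created."""
    return client_sees(owner_on_wire(server_uid(flavor, client_uid), numeric))

if __name__ == "__main__":
    alice = CLIENT["alice"]
    for flavor in ("AUTH_SYS", "RPCSEC_GSS"):
        for numeric in (False, True):
            seen = create_then_getattr(flavor, alice, numeric)
            verdict = "consistent" if seen == alice else "MISMATCH"
            print(f"{flavor:10} numeric={numeric!s:5} alice sees uid {seen}: {verdict}")
```

Under AUTH_SYS only the numeric form keeps the creator's view consistent with the uid the server authorized; under a principal-based flavor only the name-based form does.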
