On Mon, Mar 12, 2012 at 05:27:08PM -0400, J. Bruce Fields wrote: > On Mon, Mar 12, 2012 at 05:14:16PM -0400, Chuck Lever wrote: > > IMO, the server should do a comparison of the nfs_client_id4 strings, > > and nothing else. > > We're supposed to return CLID_INUSE when we see a setclientid from a > "different" client using the same string, to keep clients from doing > mischief with other clients' state (either maliciously or, as in this > case, accidentally). > > "Different" here is defined as "not having the same principal". I know > what that means in the krb5 case, but I'm less certain in the auth_sys > case. Cc'ing the ietf list. Is it reasonable for a server to expect setclientid's to come from the same client IP address at least in the auth_sys case, or could that break multi-homed clients? At least in the auth_sys case IP addresses are one of the only things we have left to go on when the client's identifier-generation is messed up (not that difficult). --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
