On Mon, 2012-03-19 at 12:28 -0400, J. Bruce Fields wrote:
> On Mon, Mar 12, 2012 at 05:27:08PM -0400, J. Bruce Fields wrote:
> > On Mon, Mar 12, 2012 at 05:14:16PM -0400, Chuck Lever wrote:
> > > IMO, the server should do a comparison of the nfs_client_id4 strings,
> > > and nothing else.
> >
> > We're supposed to return CLID_INUSE when we see a setclientid from a
> > "different" client using the same string, to keep clients from doing
> > mischief with other clients' state (either maliciously or, as in this
> > case, accidentally).
> >
> > "Different" here is defined as "not having the same principal". I know
> > what that means in the krb5 case, but I'm less certain in the auth_sys
> > case.
>
> Cc'ing the ietf list. Is it reasonable for a server to expect
> setclientid's to come from the same client IP address at least in the
> auth_sys case, or could that break multi-homed clients?
>
> At least in the auth_sys case IP addresses are one of the only things we
> have left to go on when the client's identifier-generation is messed up
> (not that difficult).
Yes, but IP addresses can be reassigned dynamically. That's one of the
reasons for wanting a client id in the first place...
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
��.n��������+%�������w��{.n�����{��w����jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
