On Mon, Mar 26, 2012 at 04:02:12PM -0400, J. Bruce Fields wrote: > Having looked at it longer: first, I can't see how 4.1/krb5 callbacks > ever really worked. That's a project for another day. (Soon, but > probably not for 3.4.) Bah, I'm stupid, I'd forgotten how 4.1 backchannel security works: the client chooses which flavor(s) are acceptable in create_session (or the mandatory but unimplemented backchannel_ct). The Linux client always chooses auth_sys. We've never really paid much attention to the client. Before we basically just used auth_sys no matter what. Now we're using krb5 in the krb5 case. Both are wrong, but the latter also breaks in practice against the Linux client. I think I changed the behavior accidentally while overhauling the 4.1 server's callback and trunking behavior, probably with 80fc015bdfe "nfsd4: use common rpc_cred for all callbacks". I'll look into doing this a little more correctly.... --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
