On Tue, Jul 10, 2012 at 10:25:13PM +0000, Myklebust, Trond wrote: > On Tue, 2012-07-10 at 18:12 -0400, Trond Myklebust wrote: > > Then why is it being labelled as a knfsd-only change? It should be labeled an rpc server change. > > How will it behave if I don't run gss proxy? It will work, but if the server's running on the same machine it will also use svcgssd, and hence won't (for example) be able to handle the larger init_sec_context packets. > ...and how will it behave in a net namespace? It will need the same fixes as we need for rpcbind. I'm sure we could allow the callback server and the nfs server to use different authentication upcalls. But that makes this not worth it. We should be able to share the same use the same mechanism on all rpc servers, so if a mechanism based on gssproxy calls isn't acceptable for the nfs callback server then I'll drop it. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
