[PATCH 0/3] Avoid DNS Reverse lookups when possible

This new patchset obsoletes the patch sent earlier today.
The first and third patches are obvious.

The second patch implements a new command line option -N that takes
an on|off argument.

When 'on' is specified, the RPC Server name as passed from the kernel
to rpc.gssd is checked to see if it really is an actual IP address. If it
is, the current code is executed (and reverse resolution happens);
otherwise the name used at the mount option is used directly w/o any
DNS resolution to construct the GSSAPI name.

Avoiding Reverse name resolution helps make the system work when PTR records
cannot be properly set on a network (because the admin does not control DNS, for
example) and also avoids a potential MITM attack (as explained early on in the
original patch thread).

Simo Sorce (3):
  Fix segfault when using -R option
  Avoid reverse resolution for server name
  Document new -N option

 utils/gssd/gss_util.h  |    2 ++
 utils/gssd/gssd.c      |   18 ++++++++++++++++--
 utils/gssd/gssd.man    |   11 ++++++++++-
 utils/gssd/gssd_proc.c |   25 +++++++++++++++++++++----
 4 files changed, 49 insertions(+), 7 deletions(-)
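
The decision described for -N on, as an added example that is not part of the posted patches or of the nfs-utils code: a name that is not an IP literal is used as given, and only literals reach the resolver. The names gss_host_for, lookup_fn and stub_lookup are hypothetical, and the stub stands in for a PTR answer the client cannot verify.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook: turns a server name into a host name via DNS; 0 on success. */
typedef int (*lookup_fn)(const char *name, char *out, size_t len);

static int lookups_made;   /* counts resolver calls so the effect is observable */

/* True only when name parses as an IPv4 or IPv6 literal; inet_pton does no DNS. */
static int is_ip_literal(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, name, buf) == 1 ||
           inet_pton(AF_INET6, name, buf) == 1;
}

/* Constructed stand-in for a resolver whose PTR answer the client cannot verify. */
static int stub_lookup(const char *name, char *out, size_t len)
{
    (void)name;
    lookups_made++;
    snprintf(out, len, "%s", "ptr-answer.example");
    return 0;
}

/* avoid_ptr != 0 models "-N on": only IP literals reach the resolver. */
static int gss_host_for(const char *srvname, int avoid_ptr,
                        lookup_fn lookup, char *out, size_t len)
{
    if (avoid_ptr && !is_ip_literal(srvname)) {
        if (strlen(srvname) >= len)
            return -1;                 /* refuse to truncate the host name */
        strcpy(out, srvname);          /* name as given at mount time, no DNS */
        return 0;
    }
    return lookup(srvname, out, len);  /* existing path: reverse resolution */
}

int main(void)
{
    char host[256];
    gss_host_for("nfs.example.com", 1, stub_lookup, host, sizeof host);
    printf("GSSAPI host part: %s (lookups: %d)\n", host, lookups_made);
    return 0;
}
```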
