Dear NFS experts, I have a few questions: 1) Concerning the NFSv4 clientaddr option, I'm curious about the technical details of why the server needs a callback address, and what to do if the client isn't directly routable? (eg: behind NAT) I am thinking of the situation with *many* clients. Also, what ports need to be open on the client? Does it need to respond to "NEW" traffic, or only "ESTABLISHED" or ? 2) In /etc/exports, for an NFSv4 export, you often see docs suggesting: sec=sys,krb5,krb5i,krb5p OR the same but without the 'sys' part. If you instead do 'sec=krb5p' will this *force* clients to use full encryption and authentication, and deny those who try to mount without sec=krb5p ? In particular, if a client tries to mount with sec=krb5i, what should happen? For some reason I haven't seen anyone just use 'sec=krb5p' and I wanted to know what was up. Thank you in advance, James
Attachment:
signature.asc
Description: This is a digitally signed message part
