On Sun, 2013-09-08 at 16:22 -0400, Chuck Lever wrote:
> On Sep 7, 2013, at 7:18 PM, Trond Myklebust <Trond.Myklebust@xxxxxxxxxx> wrote:
>
> > NFSv4 security auto-negotiation has been broken since
> > commit 4580a92d44e2b21c2254fa5fef0f1bfb43c82318 (NFS:
> > Use server-recommended security flavor by default (NFSv3))
> > because nfs4_try_mount() will automatically select AUTH_SYS
> > if it sees no auth flavours.
>
> nfs(5) says this:
>
>   sec=mode   The RPCGSS security flavor to use for accessing files on this
>              mount point. If the sec option is not specified, or if sec=sys
>              is specified, the NFS client uses the AUTH_SYS security flavor
>              for all NFS requests on this mount point.
>
> If NFSv4 can negotiate security now, nfs(5) should be updated.

I suggest that you pull again. My copy of nfs(5) says

  sec=flavor   The security flavor to use for accessing files on this
               mount point. If the server does not support this fla‐
               vor, the mount operation fails. If sec= is not speci‐
               fied, the client attempts to find a security flavor that
               both the client and the server supports. Valid flavors
               are none, sys, krb5, krb5i, and krb5p. Refer to the
               SECURITY CONSIDERATIONS section for details.

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com