On 7/15/21 5:43 PM, Rick Macklem wrote:
guy keren <guy@xxxxxxxxxxxx> wrote:
hi,
i wonder if the linux client's nfs nconnect feature was designed to
support NFS4.1 (or higher) versions? according to our experimentation,
the linux client seems to just alternate messages between the multiple
RPC/TCP connections, and does not seem to adhere to the NFS 4.1 protocol
requirement, that when using multiple connections, the client needs to
use BIND_CONN_TO_SESSION when trying to user a 2nd connection with the
same NFS4.1 session.
was this done on purpose? or is this configuration not supported by
linux client's 'nconnect'? or am i missing something?
Yep, you're missing something.
Snippet from RFC 5661 pg. 43:
If the client specifies no state
protection (Section 18.35) when the session is created, then when
SEQUENCE is transmitted on a different connection, the connection is
automatically associated with the fore channel of the session
specified in the SEQUENCE operation.
As such, BIND_CONN_TO_SESSION is only required to associate the
backchannel to the connection.
rick
thanks for pointing this out, rick - i forgot about this feature.
does it mean that 'nconnect' cannot work with MACHCRED or SSV client
authentication then?
will it work with kerberos (which does authenticate the client machine
normally, as far as i know)?
thanks,
--guy