> On 16 Apr 2018, at 15:12, Rick Macklem <rmack...@uoguelph.ca> wrote:
> Julian Elischer wrote:
>> On 16/4/18 6:37 pm, Julian Elischer wrote:
>>> Windows users seem to have an almost unlimited number of groups and
>>> soem places seem to use them a LOT.
>>> This gives Posix systems problems with deciding how to handle them
>>> all. Especially when getting
>>> user credentials from winbindd (samba).
>>> Does anyone know of any work done to either bypass this limit or to
>>> at least expand it?
>> I mean with the other applications such NFS usages etc.
>> I know mountd explodes with > 16..  has anyone done a cleaning pass?
> 16 is the limit "on-the-wire" per RFCs for Sun RPC. You can use
> nfsuserd --manage-gids (see "man nfsuserd")
> on the NFS server so that the daemon uses the group list for the uid in the 
> RPC instead of the list of groups (limited to 16) in the RPC header. Works 
> fine so
> long as the server knows the same group list for a uid as the client(s) do.
> And, yes, this applies to NFSv3 as well as NFSv4.

it is not entirely exact. The number of supplemental groups is the limit of 
AUTH_SYS (aka AUTH_UNIX) authentication mechanism used by ONC+ RPC. So anything 
using/supporting this auth mechanism, has this limit too.

Therefore, on paper, there is 2 possible ways to overcome the issue - either 
use alternate authentication mechanism (such as AUTH_GSS), or implement 
workaround for AUTH_SYS.

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to