On Mon, 30 Jul 2007 23:04:10 -0600, Tillman Hodgson <[EMAIL PROTECTED]> wrote:
>On Tue, Jul 31, 2007 at 01:54:58AM +0000, Faeandar wrote: >> The one is Solaris and Linux. Maybe Linux is 32, I don't know for >> sure. >> I hear that a system change on Solaris will allow for 32 but unless >> your NFS servers are Solaris you break NFS. > >On FreeBSD you can adjust kern.ngroups (defaults to 16). Harti has >tested an increased number (64, I think) over a number of years and with >the exception of NFS everything worked fine. > >> I'm looking into increasing file system security over NFS and was >> initially leaning towards kerb5 with LDAP to allow for a greater >> number of unix groups, and therefore greater access control (beyond 16 >> groups) even if it is still ugo. >> But so far I'm doubtful that will work. > >As I undersatnd it, over NFS it won't work because of how RPC works. RFC >1057 defines the auth_unix struct as having unsigned int gids<16>. > >-T I have not read the spec for RPC but I'll check that one out. If that's the case we may be SoL. Thanks. ~F ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
