Frank Batschulat (Home) wrote: > yes, in build 108 we integrated real kernel RPC support for AUTH_NONE, > previously it was silently matched and handled as AUTH_SYS > > 6790413 AUTH_NONE implementation in kernel RPC > http://bugs.opensolaris.org/view_bug.do?bug_id=6790413 > > it appears that the linux server as default has sec=none before sec=sys in > the share so > we'd start using real AUTH_NONE support for the mount and future access > causing following problems > > 6828396 snv_111 sends wrong uid/gid to Linux NFSv3 server > http://bugs.opensolaris.org/view_bug.do?bug_id=6828396 > > since AUTH_NONE is the first security flavour our client gets from the Linux > server > during mount, our client will then use AUTH_NONE for future access of course > and will fail as described in 6828396
There was a comment somewhere (which I can no longer find) that the Solaris policy of choosing the *first* common security flavor may be incorrect, and that Solaris should be choosing the *strongest* common security flavor. If Solaris did this, it would certainly reduce interoperability problems with Linux NFS servers, since sec=sys would be chosen in this case. Eg, things would continue to work, rather than break, when people upgrade to more recent versions of OpenSolaris. Drew
