On Thu, 23 Apr 2009 14:52:51 +0200, Andrew Gallatin <gallatin at cs.duke.edu> wrote:
> Frank Batschulat (Home) wrote:
>
>> yes, in build 108 we integrated real kernel RPC support for AUTH_NONE,
>> previously it was silently matched and handled as AUTH_SYS
>>
>> 6790413 AUTH_NONE implementation in kernel RPC
>> http://bugs.opensolaris.org/view_bug.do?bug_id=6790413
>>
>> it appears that the linux server as default has sec=none before sec=sys in
>> the share so
>> we'd start using real AUTH_NONE support for the mount and future access
>> causing following problems
>>
>> 6828396 snv_111 sends wrong uid/gid to Linux NFSv3 server
>> http://bugs.opensolaris.org/view_bug.do?bug_id=6828396
>>
>> since AUTH_NONE is the first security flavour our client gets from the Linux
>> server
>> during mount, our client will then use AUTH_NONE for future access of course
>> and will fail as described in 6828396
>
> There was a comment somewhere (which I can no longer find) that the
> Solaris policy of choosing the *first* common security flavor may be
> incorrect, and that Solaris should be choosing the *strongest*
> common security flavor. If Solaris did this, it would certainly

that's exactly what we've already started to discuss now ;-)

> reduce interoperability problems with Linux NFS servers, since
> sec=sys would be chosen in this case. Eg, things would continue
> to work, rather than break, when people upgrade to more recent
> versions of OpenSolaris.

though I'd be really interested to know more about how it comes that a share by default
is done with AUTH_NONE included, any background info available somewhere?

the Solaris server, by default, shares with sec=AUTH_SYS

---
frankB
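
Added example, not part of the original message and not Solaris or Linux code: it decodes the flavor list from an NFSv3 MOUNT reply (RFC 1813 layout) and compares the "first common" and "strongest common" selection policies discussed in the thread. The function names, the strength ranking, the client flavor set and the sample reply bytes are assumptions constructed for illustration.

```python
import struct

# RPC auth flavor numbers (RFC 5531); Kerberos pseudo-flavors (RFC 2623).
AUTH_NONE, AUTH_SYS = 0, 1
KRB5, KRB5I, KRB5P = 390003, 390004, 390005
# Assumed ranking for this example, weakest first; a real client would make it policy.
STRENGTH = [AUTH_NONE, AUTH_SYS, KRB5, KRB5I, KRB5P]

def parse_mountres3(buf):
    """Decode a MOUNT3 MNT reply body (RFC 1813): status, fhandle3, auth_flavors<>."""
    (status,) = struct.unpack_from(">I", buf, 0)
    if status != 0:
        raise ValueError("mount failed, status %d" % status)
    (fhlen,) = struct.unpack_from(">I", buf, 4)
    if fhlen > 64:
        raise ValueError("fhandle3 longer than 64 bytes")
    off = 8 + fhlen + (-fhlen % 4)          # XDR pads opaque data to 4 bytes
    (count,) = struct.unpack_from(">I", buf, off)
    if off + 4 + 4 * count > len(buf):
        raise ValueError("truncated auth_flavors array")
    flavors = list(struct.unpack_from(">%dI" % count, buf, off + 4))
    return buf[8:8 + fhlen], flavors

def pick_first(server_flavors, client_flavors):
    """First flavor in server order that the client also supports."""
    return next((f for f in server_flavors if f in client_flavors), None)

def pick_strongest(server_flavors, client_flavors):
    """Highest-ranked flavor common to both sides, ignoring server order."""
    common = [f for f in server_flavors if f in client_flavors and f in STRENGTH]
    return max(common, key=STRENGTH.index, default=None)

# Constructed reply: status MNT3_OK, 6-byte file handle, flavors [AUTH_NONE, AUTH_SYS]
SAMPLE_REPLY = (struct.pack(">II", 0, 6) + b"\xaa" * 6 + b"\x00\x00"
                + struct.pack(">III", 2, AUTH_NONE, AUTH_SYS))
CLIENT = {AUTH_NONE, AUTH_SYS}   # flavors this hypothetical client implements

if __name__ == "__main__":
    _, offered = parse_mountres3(SAMPLE_REPLY)
    print("server offers:", offered)
    print("first common:", pick_first(offered, CLIENT))
    print("strongest common:", pick_strongest(offered, CLIENT))
```

With the server listing sec=none ahead of sec=sys, the first-match policy lands on AUTH_NONE while the ranked policy lands on AUTH_SYS.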