At 12:42 PM 6/24/2005, Roland Dreier wrote: > Thomas> But that's totally and completely insecure. The goal of > Thomas> /etc/exports is to place at least part of the client > Thomas> authentication in the network rather than the supplied > Thomas> credentials. NFS has quite enough of a history with > Thomas> AUTH_SYS to prove the issues there. Some of the exports > Thomas> options (e.g. the *_squash ones) are specifically because > Thomas> of this. > >ATS is completely insecure too, right? A client can create any old >service record in the subnet administrator's database and claim that >its GID has whatever IP address it wants.
As I said - I am not attached to ATS. I would welcome an alternative. But in the absence of one, I like what we have. Also, I do not want to saddle the NFS/RDMA transport with carrying an IP address purely for the benefit of a missing transport facility. After all NFS/RDMA works on iWARP too. Tom. _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
