Nicolas Williams wrote: > On Tue, Oct 13, 2009 at 09:26:16AM +0100, Darren J Moffat wrote: >>> Specifically it may cause non-deterministic behavior. Sorting the group >>> list will cause deterministic behavior, but that is probably worse. >>> Ideally we could just wave our hands and make AUTH_SYS go away. But we >>> can't. What we can do though is this: the NFS server could look up the >>> group memberships of the UID asserted by an AUTH_SYS client. >> That would actually help in a few edge case configs even when the group >> list is less than 16. Having AUTH_SYS just ignore the supplementary >> groups all together and collect them itself would be useful - but likely >> a performance impact since now we need a nameservice lookup. > > There'd be a cache, to avoid having to do these lookups too frequently, > and we already do them for secure NFS anyways.
Of course, but my concern was making AUTH_SYS (the default) slower in the default case. -- Darren J Moffat
