From owner-freebsd-fs@freebsd.org Fri Oct 30 13:20:48 2015 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE6C5A21A94 for ; Fri, 30 Oct 2015 13:20:48 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7EDDC1B81 for ; Fri, 30 Oct 2015 13:20:48 +0000 (UTC) (envelope-from josh@tcbug.org) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 80EED201E6 for ; Fri, 30 Oct 2015 09:20:47 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute1.internal (MEProxy); Fri, 30 Oct 2015 09:20:47 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=3LdfgPveWNC5JypssCAlBigFfNE=; b=Hp36Y KQRXud+Q5EVIxsoqV2YxCR4BU+rjNJu7TxrjLczgmIEXmnOew922liUM1ojzsO4Z BmwvBH4kzbhSRGMvOEWI4LZwmcB9ipftYg230tFWrZWbeGf1IIWAtOoPY6d5H4+R onkneNkVWuwNlhrZEo2VWWXY9ru/OLmnM0+lIs= X-Sasl-enc: rdv7hKUboHIfZeeGn6YIVIBVnIA0L8/q5xdF7YZXHoB4 1446211247 Received: from [192.168.8.142] (184-158-23-49.dyn.centurytel.net [184.158.23.49]) by mail.messagingengine.com (Postfix) with ESMTPA id 3105BC00091 for ; Fri, 30 Oct 2015 09:20:47 -0400 (EDT) From: Josh Paetzel Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: NFS --manage-gids Message-Id: <29F53220-75AB-4898-B1E4-C1BF0231E25B@tcbug.org> Date: Fri, 30 Oct 2015 08:20:46 -0500 To: freebsd-fs@freebsd.org X-Mailer: iPhone Mail (13B143) X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Oct 2015 13:20:48 -0000 As anyone who is familiar with NFS is aware, auth_sys has a limit of members= hip in 16 aux groups. In today's "everything is in AD universe" it's incredibly common for an acco= unt to be in more than 16 groups. There are various solutions to this. Right now the only reasonable one on Fre= eBSD is to use Kerberos. auth_krb does not have the 16 group membership limi= t. Of course that solution is great if you already use Kerberos, but if you d= on't suggesting that as a solution does't always go over so well. The Linux crowd extended their NFS server years ago with a --manage-gids opt= ion that lets it ignore the group member ship sent over the wire by the clie= nt and look up group membership locally. Does anyone have any objections to that option getting ported to FreeBSD? Thanks, Josh Paetzel=