Date: Tue, 27 Apr 2010 21:03:36 +0000 From: Knowledge Seeker <knoseeker@googlemail.com> To: Brooks Davis <brooks@freebsd.org> Cc: freebsd-hackers@freebsd.org Subject: Re: RPC and NFS more than 16 groups Message-ID: <h2wb5ec32921004271403pdea6a0er89bc43e97fd73401@mail.gmail.com> In-Reply-To: <20100414023414.GD81708@lor.one-eyed-alien.net> References: <t2nb5ec32921004131600q5cbfad0uee7fc35103f7e115@mail.gmail.com> <20100414023414.GD81708@lor.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I made the changes in 2 FreeBSD 8.0 stable boxes. One I've configured one as a server and the other as the client. But the 16 groups limit persists. Even when I tried using a GNU/Linux Debian machine as a client with a Kernel patched to work with the number of groups advertised by the server (kernel-patch-nfs-ngroups), it does not work. The files and lines changed in FreeBSD src were: include/rpc/auth_unix.h:#define NGRPS 64 lib/libc/rpc/PSD.doc/xdr.nts.ms:#define NGRPS 64 lib/libc/rpc/PSD.doc/xdr.nts.ms:#define NGRPS 64 sys/rpc/authunix_prot.c:#define NGRPS 64 sys/rpc/svc_auth_unix.c:#define NGRPS 64 I wish to do that as a temporary solution, once we intend to do a complete migration to OpenAFS soon. But now, It's really important to have this working. Migrate to NFSv4 first, will be too much work, especially on clients. (Only the server is a FreeBSD machine) Thanks in advance. Regards -- Knoseeker On Wed, Apr 14, 2010 at 2:34 AM, Brooks Davis <brooks@freebsd.org> wrote: > On Tue, Apr 13, 2010 at 11:00:48PM +0000, Knowledge Seeker wrote: > > Hi, > > I need to have my NFS server to authenticate more than 16 groups when > there > > is a file access. > > > > I would like to know if I can just redefine my MACROS to accomplish that. > > > > The macro would be: NGRPS, because it is tested against the variable > > ngroups which comes from NGROUPS value. > > > > /* gids compose part of a credential; there may not be more than 16 of > them > > */ > > #define NGRPS 16 > > > > In: > > > > sys/rpc/authunix_prot.c > > sys/rpc/svc_auth_unix.c > > usr.sbin/rpc.lockd/kern.c > > include/rpc/auth_unix.h > > lib/libc/rpc/PSD.doc/xdr.nts.ms > > > > Is there any critical issue in change the defs and recompile the kernel > and > > the world? > > It won't work unless you also change the clients and then you will be > sending invalid RPC packets over the wire. If you can live with that it > may well work. The real answer is switch to NFSv4 and GSSAPI > authentication where the group checking all takes place on the server > where it belongs in the first place. > > -- Brooks >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?h2wb5ec32921004271403pdea6a0er89bc43e97fd73401>