Date: Fri, 16 Aug 2019 19:40:22 +0300
From: Alexander Lunev <lan@zato.ru>
To: freebsd-net@freebsd.org
Subject: Re: NFSv4 without Kerberos
Message-ID: <704c15b4-aaf0-bb0e-20d7-777ae6043843@zato.ru>
In-Reply-To: <YTBPR01MB3616B00AF89A5FA5134D5DEBDDAF0@YTBPR01MB3616.CANPRD01.PROD.OUTLOOK.COM>
References: <522283ee-dc4b-6439-fb05-7254511a214b@zato.ru> <20190816104222.GN47119@zxy.spb.ru> <c952fd4a-551a-01a0-2346-a4059a4bf73b@zato.ru> <20190816120157.GO47119@zxy.spb.ru> <19b8ad6d-ad07-e50e-75d1-ae554c87c384@zato.ru> <20190816121547.GP47119@zxy.spb.ru> <d7f0e26d-2329-0472-f96b-cc6a7dbd91c6@zato.ru> <DAE187D9-FD1F-4FD9-BF0D-9F293531D1D1@punkt.de> <c2ad8abe-aa26-48c8-3f75-53ee3b0bf960@zato.ru> <YTBPR01MB3616B00AF89A5FA5134D5DEBDDAF0@YTBPR01MB3616.CANPRD01.PROD.OUTLOOK.COM>

> 1 - setting the sysctls
> vfs.nfsd.enable_stringtouid=1
> vfs.nfs.enable_uidtostring=1
> Allows the uid/gid to be put in the Owner/Owner_group string as a number
> (ie "1001"). This avoids any need to run the nfsuserd if all mounts are sec=sys.
> This is now the default for most Linux distros.
>
> Even if you want to run the nfsuserd, it won't be working until the system is
> booted. (If you don't do the above, all the files needed to get booted must be
> world read/exec.)

Thanks for this! In fact I was moving towards root-on-NFSv4, and your message is really helpful. It is a pity that there is so little documentation and even less debugging means for NFSv4 - you can't put daemon in debug mode, for example, or get some extra debugging messages from mount_nfs, like with ssh/sshd for example.

> 2 - A Kerberized root mount won't work, because the gssd must be running for
> Kerberos access to work and that can't happen until booted.

And thanks for this! I think you saved me a lot of time figuring how and why!

--
Best regards
Alexander Lunev