From: Rick Macklem
Date: Sun, 7 Feb 2010 17:34:08 -0500 (EST)
To: George Mamalakis
Cc: freebsd-current@freebsd.org, freebsd-stable
Subject: Re: Kerberized NFSv3 incorrect behavior

On Sat, 6 Feb 2010, George Mamalakis wrote:

>
> thank you for all your answers. I am planning on setting up the computer labs
> of my department using kerberized nfsv3 (since v4 seems to be "more"
> experimental) with a FreeBSD nfs server and Linux nfs clients. I was
> wondering "how stable" such an implementation would be; meaning that I
> wouldn't want to end up with an unstable setup when receiving requests from
> 50-60 simultaneous clients, because that would be my everyday scenario.
>
I believe that the above should be stable, but your mileage may vary, as
they say. The main issue will be what your TGT lifetime will be, since
client access to the server will normally stop when the TGT expires. Some
systems (Mac OS X) will automagically renew the TGT before it expires, if
your KDC allows that. I don't think most/all Linux systems do this by
default, but there are some utilities out there (try a search for krenew)
that will do so. Basically, I think you'll want to avoid TGTs expiring
before the user logs out.

You also need a unique uid<->user principal mapping for all users logging
in.

You definitely want to do some testing with whatever Linux system you are
using for the client.

Good luck with it, rick
ps: Choosing nfsv3 vs nfsv4 is basically independent of using RPCSEC_GSS
    except for the host based initiator credential needed by some clients
    (Linux and Solaris10 are among those) for NFSv4.
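
The TGT-lifetime concern in the message above, as an added example that is not part of the original message: a check a lab client could run to decide whether a user's TGT outlives the expected session, can be renewed, or needs a fresh login. It assumes MIT-style `klist` output with `MM/DD/YYYY` dates; the sample cache, realm, host and function names are constructed for illustration.

```python
from datetime import datetime, timedelta
import re

# Constructed sample of MIT `klist` output (layout and date format are assumptions).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: student1@EXAMPLE.ORG

Valid starting       Expires              Service principal
02/07/2010 09:00:00  02/07/2010 19:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\trenew until 02/14/2010 09:00:00
02/07/2010 09:00:05  02/07/2010 19:00:00  nfs/server.example.org@EXAMPLE.ORG
\trenew until 02/14/2010 09:00:00
"""

FMT = "%m/%d/%Y %H:%M:%S"
STAMP = r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
TICKET_RE = re.compile(STAMP + r"\s+" + STAMP + r"\s+(\S+)")
RENEW_RE = re.compile(r"renew until " + STAMP)


def parse_tgt(klist_text):
    """Return (expires, renew_until or None) for the krbtgt entry, or None."""
    lines = klist_text.splitlines()
    for i, line in enumerate(lines):
        m = TICKET_RE.match(line.strip())
        if not m or not m.group(3).startswith("krbtgt/"):
            continue
        expires = datetime.strptime(m.group(2), FMT)
        renew_until = None
        if i + 1 < len(lines):  # the renew line, if any, follows its ticket
            r = RENEW_RE.search(lines[i + 1])
            if r:
                renew_until = datetime.strptime(r.group(1), FMT)
        return expires, renew_until
    return None


def tgt_action(klist_text, now, session_end, margin=timedelta(minutes=30)):
    """Classify the cache as 'ok', 'renew' or 'reauth' for a session ending at session_end."""
    tgt = parse_tgt(klist_text)
    if tgt is None or tgt[0] <= now:
        return "reauth"  # no TGT, or it has already expired
    expires, renew_until = tgt
    if expires - margin >= session_end:
        return "ok"      # TGT outlives the session with some margin
    if renew_until and renew_until > now:
        return "renew"   # renewable: kinit -R, or a helper such as krenew
    return "reauth"      # expires mid-session and cannot be renewed
```

A result of `renew` only means renewal is still possible; a session running past the `renew until` time still ends in a new login.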