Date: Mon, 16 Nov 2009 11:45:17 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: =?utf-8?B?R2Vycml0IEvDvGhu?= <gerrit@pmp.uni-hannover.de> Cc: freebsd-current@freebsd.org Subject: Re: nfsv4 FreeBSD server vs. Linux client I/O error Message-ID: <Pine.GSO.4.63.0911161140430.7499@muncher.cs.uoguelph.ca> In-Reply-To: <20091116171527.0b44bae8.gerrit@pmp.uni-hannover.de> References: <20091112182414.cebec1df.gerrit@pmp.uni-hannover.de> <Pine.GSO.4.63.0911121436150.15244@muncher.cs.uoguelph.ca> <20091113103626.414acdbc.gerrit@pmp.uni-hannover.de> <Pine.GSO.4.63.0911131056060.20603@muncher.cs.uoguelph.ca> <20091116112631.e8733905.gerrit@pmp.uni-hannover.de> <Pine.GSO.4.63.0911161038100.23864@muncher.cs.uoguelph.ca> <20091116171527.0b44bae8.gerrit@pmp.uni-hannover.de>
index | next in thread | previous in thread | raw e-mail
On Mon, 16 Nov 2009, Gerrit Kühn wrote: > > Not for me, I do not need the feature. I was only thinking about it > because the better security of nfsv4 is easily gotten around when you > allow for the old v3 mounts in parallel. > You can use the "sec=" export option to restrict mount points to only allowing Kerberos (this works for NFSv3 as well as NFSv4) and is what will give you better security. (It's not an NFSv4 specific feature, it just happens to be required by the NFSv4 RFC.) rickhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.63.0911161140430.7499>