Date: Mon, 16 Nov 2015 10:40:59 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: hackers@freebsd.org Subject: Re: NFSv4 details and documentations Message-ID: <1489367909.88538127.1447688459383.JavaMail.zimbra@uoguelph.ca> In-Reply-To: <20151116141433.GA31314@zxy.spb.ru> References: <9BC3EFA2-945F-4C86-89F6-778873B58469@cs.huji.ac.il> <20151115152635.GB5854@kib.kiev.ua> <3AEC67FD-2E67-4EF9-9D46-818ABF3D8118@cs.huji.ac.il> <661673285.88370232.1447682409478.JavaMail.zimbra@uoguelph.ca> <20151116141433.GA31314@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Slawa Olhovchenkov wrote: > On Mon, Nov 16, 2015 at 09:00:09AM -0500, Rick Macklem wrote: > > > There is a vfs operation called VFS_SYSCTL(). This isn't implemented on > > the current NFS client. It was implemented on the old one, but only for > > NFS locking events and I didn't understand what needed to be done, so I > > didn't do it. > > Rick, I am try to play with NFSv4 and Kerberos and see lack of > documentation. For example, nowhere documented that access to NFSv4 > mount do by NFSv3 rules. I.e. I need have /etc/exports with TWO lines: > > V4: /NFS -sec=krb5i > /NFS -sec=krb5i > > W/o second lines I got 10020 error (for NFSv4 mount). > Well, "man exports" does try and say this (and I've reworded it several times), but it is confusing. In simple terms, the "V4:" line does not export any file system and needs to be added to whatever you export via other lines. > What current status Kerberos support in NFS client/server? I found > many posts and wiki pages about lack some functionality, but also see > many works from you. > The main limitation (which comes from the fact that the RPCSEC_GSS implementation is version 1) is that it expects to use DES, which requires "weak authentication" to be enabled. Although parts about adding patches for initiator credentials no longer applies, this is still fairly useful. https://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup Anyone willing to improve/update this is more than welcome to do so. (I, personally, haven't set up a Kerberized NFS for a couple of years and I hate fiddling with it. When something isn't working, isolating the problem can be very difficult.) Good luck with it, rick ps: I put it on google as a wiki so anyone could update it, but I don't think anyone ever has. As I recall, anyone with a google login can update it. > Can you give some examples for kerberoized setup, with support cron > jobs? > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1489367909.88538127.1447688459383.JavaMail.zimbra>