[OmniOS-discuss] NFSv4 id mapping only working on client but not server?
Paul B. Henson
henson at acm.org
Fri Dec 5 19:31:26 UTC 2014
> From: Ian Kaufman
> Sent: Friday, December 05, 2014 8:53 AM
>
> As far as I recall, AUTH_UNIX (aka AUTH_SYS) uses RPC, and RPC has not
> been augmented to support NFSv4 yet.
Ah, right; I forgot about that annoyance :(. My systems are using kerberized NFS, which doesn't rely on uid/gid being passed over the wire. I remember now when we needed to integrate a system that wouldn't do kerberos, and we had the exact same uid mismatch issues. I don't know why they didn't introduce a new mechanism such as AUTH_SYSNAME with NFSv4 that would be identical to AUTH_SYS but use string identifiers rather than hardcoded id's over the wire, that's quite a deficiency.
For a small scale, it's a bit of a pain/overkill to have to set up a kerberos infrastructure. I've never tried secure RPC using Diffie Hellman, that might work if you're purely Solaris/illumos, but I don't believe linux supports that. And I'm not even sure whether or not that uses string identifiers or numeric IDs on the wire…
More information about the OmniOS-discuss
mailing list