• Chuck Lever's avatar
    NFS: Use "krb5i" to establish NFSv4 state whenever possible · 4edaa308
    Chuck Lever authored
    Currently our client uses AUTH_UNIX for state management on Kerberos
    NFS mounts in some cases.  For example, if the first mount of a
    server specifies "sec=sys," the SETCLIENTID operation is performed
    with AUTH_UNIX.  Subsequent mounts using stronger security flavors
    can not change the flavor used for lease establishment.  This might
    be less security than an administrator was expecting.
    
    Dave Noveck's migration issues draft recommends the use of an
    integrity-protecting security flavor for the SETCLIENTID operation.
    Let's ignore the mount's sec= setting and use krb5i as the default
    security flavor for SETCLIENTID.
    
    If our client can't establish a GSS context (eg. because it doesn't
    have a keytab or the server doesn't support Kerberos) we fall back
    to using AUTH_NULL.  For an operation that requires a
    machine credential (which never represents a particular user)
    AUTH_NULL is as secure as AUTH_UNIX.
    Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
    Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
    4edaa308
nfs4client.c 22.8 KB