From: Uresh Vahalia (vahalia@emc.com)
Date: 07/23/99-11:11:03 PM Z
Message-ID: <37993CD6.A13E71DB@emc.com> Date: Sat, 24 Jul 1999 00:11:03 -0400 From: Uresh Vahalia <vahalia@emc.com> Subject: Re: first nfsv4 procedure If Kv5 is mandatory, how can the server not accept that flavor? Due to a site-specific setting? In such case, if a site has not deployed Kerberos, how will the client use Kv5? My interpretation is, the fact that Kv5 is mandatory to implement does not mean it should be the default mechanism. Admins should be able to specify the default either for individual hosts or for the site. Clients should be able to use any of the auth flavors for the initial contact. If the server does not like it, it can send a WRONGSEC error, forcing the client to use SECINFO and negotiate. Uresh ======================= Mike Eisler wrote: > right now the specirication lists Kerberos V5 as the only mandatory > to implement security mechanism under RPCSEC_GSS. > > The client would issue a LOOKUP, using the ROOT FH or public FH to get > the fh for a multi-component pathname, using Kerberos V5 under > RPCSEC_GSS. If the server doesn't accept that flavor, then it will > says so with a WRONGSEC error, obliging the client to use SECINFO to > determine what it should uses.
This archive was generated by hypermail 2.1.2 : 03/04/05-01:47:22 AM Z CST