On Fri, 16 Apr 2010, Giulio Ferro wrote:
On 16.04.2010 10:29, Sean wrote:
Yes, I have more than 16 groups, 22 actually...
Then there's nothing "wrong" per se, you're just hitting the fact that NFS
v2 and v3 only support 16 groups on the wire. That's just the way the
protocol is defined.
Ops, I didn't know that...
Is there any solution solid enough for a production environment. Maybe nfs4?
Well, when you use sec=krb5[ip] on NFSv3 or NFSv4, the limitation of 16/17
groups goes away. However, this has a lot of other implications. (NFSv4
uses the same RPC protocol as NFSv2,3 and it is the specification of the
authentication header for what is called AUTH_SYS, which is the problem.
AUTH_SYS authenticators simply list a uid, gid and groups<16> #s in the
RPC header.
rick
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
