Date: Tue, 13 Apr 2010 21:34:14 -0500 From: Brooks Davis <brooks@freebsd.org> To: Knowledge Seeker <knoseeker@googlemail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: RPC and NFS more than 16 groups Message-ID: <20100414023414.GD81708@lor.one-eyed-alien.net> In-Reply-To: <t2nb5ec32921004131600q5cbfad0uee7fc35103f7e115@mail.gmail.com> References: <t2nb5ec32921004131600q5cbfad0uee7fc35103f7e115@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--7DO5AaGCk89r4vaK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 13, 2010 at 11:00:48PM +0000, Knowledge Seeker wrote: > Hi, > I need to have my NFS server to authenticate more than 16 groups when the= re > is a file access. >=20 > I would like to know if I can just redefine my MACROS to accomplish that. >=20 > The macro would be: NGRPS, because it is tested against the variable > ngroups which comes from NGROUPS value. >=20 > /* gids compose part of a credential; there may not be more than 16 of th= em > */ > #define NGRPS 16 >=20 > In: >=20 > sys/rpc/authunix_prot.c > sys/rpc/svc_auth_unix.c > usr.sbin/rpc.lockd/kern.c > include/rpc/auth_unix.h > lib/libc/rpc/PSD.doc/xdr.nts.ms >=20 > Is there any critical issue in change the defs and recompile the kernel a= nd > the world? It won't work unless you also change the clients and then you will be sending invalid RPC packets over the wire. If you can live with that it may well work. The real answer is switch to NFSv4 and GSSAPI authentication where the group checking all takes place on the server where it belongs in the first place. -- Brooks --7DO5AaGCk89r4vaK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iD8DBQFLxSmlXY6L6fI4GtQRArepAKCK+BJrgxV6veRR/Gsq05LZzzxztgCfX6N1 KQri5YK/ALW/dqkkemPfuQI= =YRkI -----END PGP SIGNATURE----- --7DO5AaGCk89r4vaK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100414023414.GD81708>