From: Rick Macklem
To: Slawa Olhovchenkov
Cc: hackers@freebsd.org
Date: Mon, 16 Nov 2015 10:40:59 -0500 (EST)
Subject: Re: NFSv4 details and documentations
Message-ID: <1489367909.88538127.1447688459383.JavaMail.zimbra@uoguelph.ca>
In-Reply-To: <20151116141433.GA31314@zxy.spb.ru>

Slawa Olhovchenkov wrote:
> On Mon, Nov 16, 2015 at 09:00:09AM -0500, Rick Macklem wrote:
>
> > There is a vfs operation called VFS_SYSCTL(). This isn't implemented on
> > the current NFS client. It was implemented on the old one, but only for
> > NFS locking events and I didn't understand what needed to be done, so I
> > didn't do it.
>
> Rick, I am trying to play with NFSv4 and Kerberos and see a lack of
> documentation. For example, it is nowhere documented that access to an
> NFSv4 mount is done by NFSv3 rules. I.e. I need to have /etc/exports
> with TWO lines:
>
> V4: /NFS -sec=krb5i
> /NFS -sec=krb5i
>
> W/o the second line I got a 10020 error (for NFSv4 mount).
>
Well, "man exports" does try and say this (and I've reworded it several
times), but it is confusing. In simple terms, the "V4:" line does not
export any file system and needs to be added to whatever you export via
other lines.

> What is the current status of Kerberos support in the NFS client/server?
> I found many posts and wiki pages about some lacking functionality, but
> also see much work from you.
>
The main limitation (which comes from the fact that the RPCSEC_GSS
implementation is version 1) is that it expects to use DES, which requires
"weak authentication" to be enabled.

Although parts about adding patches for initiator credentials no longer
apply, this is still fairly useful.
https://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup

Anyone willing to improve/update this is more than welcome to do so.
(I, personally, haven't set up a Kerberized NFS for a couple of years and
I hate fiddling with it. When something isn't working, isolating the
problem can be very difficult.)

Good luck with it, rick
ps: I put it on Google as a wiki so anyone could update it, but I don't
    think anyone ever has. As I recall, anyone with a Google login can
    update it.

> Can you give some examples of a Kerberized setup, with support for cron
> jobs?
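
The point made in the reply above, that a "V4:" line exports nothing by itself, can be checked mechanically. The following is an added example, not part of the original message and not FreeBSD code: a small lint for exports(5) text that reports a V4: root with no export line at or below it. The function names, the sample inputs, and the rule that flags differing -sec flavors are assumptions of this example.

```python
import posixpath

def parse_exports(text):
    """Split exports(5) text into (v4_roots, exports) lists of (path, flavors)."""
    v4_roots, exports = [], []
    # A trailing backslash continues an entry on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        is_v4 = tokens[0] == "V4:"
        if is_v4:
            tokens = tokens[1:]
        flavors = {"sys"}  # exports(5) default when -sec is absent
        for tok in tokens:
            if tok.startswith("-sec="):
                flavors = set(tok[len("-sec="):].split(":"))
        for tok in tokens:
            if tok.startswith("/"):
                entry = (posixpath.normpath(tok), flavors)
                (v4_roots if is_v4 else exports).append(entry)
    return v4_roots, exports

def check_v4_exports(text):
    """Return findings for V4: roots that nothing is exported under."""
    v4_roots, exports = parse_exports(text)
    findings = []
    for root, root_flavors in v4_roots:
        prefix = root.rstrip("/") + "/"
        below = [(p, f) for p, f in exports if p == root or p.startswith(prefix)]
        if not below:
            findings.append(f"{root}: V4: line only, no export line at or below it")
        for path, flavors in below:
            # Heuristic of this example: flag flavors that differ from the V4: line.
            if flavors != root_flavors:
                findings.append(f"{path}: -sec flavors {sorted(flavors)} differ "
                                f"from V4: root {sorted(root_flavors)}")
    return findings

# Constructed sample inputs based on the two lines quoted in the thread.
V4_ONLY = "V4: /NFS -sec=krb5i\n"
BOTH_LINES = "V4: /NFS -sec=krb5i\n/NFS -sec=krb5i\n"
SYS_DEFAULT = "V4: /NFS -sec=krb5i\n/NFS/data\n"

if __name__ == "__main__":
    for name, text in [("V4_ONLY", V4_ONLY), ("BOTH_LINES", BOTH_LINES),
                       ("SYS_DEFAULT", SYS_DEFAULT)]:
        print(name, check_v4_exports(text) or "ok")
```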