Re: [autofs] [RFC] Towards a Modern Autofs

• Previous message: Torrey Hoffman: "Re: 2.6.1-rc2-mm1"
• In reply to: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Next in thread: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Reply: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Thu, 8 Jan 2004 21:08:44 +0100 (CET)
To: <hpa@zytor.com>

>> If anyone wants evidence of how broken the whole daemon thing is, then
>> see the workarounds that had to be made in RFC-2623 to disable strong
>> authentication for GETATTR etc. on the NFSv2/v3 mount point.
>>
>
> It's not broken as much as what you want to do is outside the scope of
> automount. automount is one particular user of these facilities, and as
> you correctly point out, it can't solve the problems for all of them.
> The right thing for AFS and NFSv4 is clearly to do something different.

My point is that the above problem crops up in almost *all* combinations
of automounter daemon with remote filesystem and strong authentication.
In order to correctly mount the remote filesystem, the automounter
itself needs a minimum set of remote privileges (typically it needs to be
able
to browse the remote filesystem).

RFC-2623 describes how to add RPCSEC_GSS to NFSv2/v3. The
workarounds (hacks really) that I refer to above had to be deliberately
added in order to make Sun's automounter work in this environment.
The alternative would have been to have a global "machine" credential
for use by the automounter when browsing /net. Hardly secure...

> That being said, mount traps in particular, and possibly this "trap
> filesystem" are more generic kernel facilities which should be of use to
> other things than automount. AFS/NFSv4 are the obvious examples, quite
> possibly other things like intermezzo might be interested, and we don't
> want to have to reinvent the wheel every time.

Certainly. I believe CIFS might also have a similar mechanism.

Cheers,
   Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Torrey Hoffman: "Re: 2.6.1-rc2-mm1"
• In reply to: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Next in thread: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Reply: H. Peter Anvin: "Re: [autofs] [RFC] Towards a Modern Autofs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [autofs] [RFC] Towards a Modern Autofs ... > of automounter daemon with remote filesystem and strong authentication. ... your global machine credential is to some degree "all the security ... (Linux-Kernel) /net and automountd problems ... We have some Sun servers where the automounter was ... servers which have a working /net facility. ... remote filesystem by hand works without problems and it's not possible to ... (SunManagers) Re: Why is hotplug a kernel helper? ... > Admittedly, I'm still using the RH8 hotplug scripts, and I suspect ... automounter automounts them when I change ... To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel) Re: NFS oops with 2.6.4 server / Solaris 2.8 client ... > automounter in /net to access the Linux server. ... mount version older than kernel ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)