04716e6621
RFC 2623 section 2.3.2 permits the server to bypass gss authentication checks for certain operations that a client may perform when mounting. In the case of a client that doesn't have some form of credentials available to it on boot, this allows it to perform the mount unattended. (Presumably real file access won't be needed until a user with credentials logs in.) Being slightly more lenient allows lots of old clients to access krb5-only exports, with the only loss being a small amount of information leaked about the root directory of the export. This affects only v2 and v3; v4 still requires authentication for all access. Thanks to Peter Staubach testing against a Solaris client, which suggesting addition of v3 getattr, to the list, and to Trond for noting that doing so exposes no additional information. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: Peter Staubach <staubach@redhat.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> |
||
|---|---|---|
| .. | ||
| cache.h | ||
| const.h | ||
| debug.h | ||
| export.h | ||
| Kbuild | ||
| nfsd.h | ||
| nfsfh.h | ||
| state.h | ||
| stats.h | ||
| syscall.h | ||
| xdr.h | ||
| xdr3.h | ||
| xdr4.h | ||