RPC and NFS more than 16 groups
Brooks Davis
brooks at freebsd.org
Wed Apr 14 02:35:31 UTC 2010
On Tue, Apr 13, 2010 at 11:00:48PM +0000, Knowledge Seeker wrote:
> Hi,
> I need to have my NFS server to authenticate more than 16 groups when there
> is a file access.
>
> I would like to know if I can just redefine my MACROS to accomplish that.
>
> The macro would be: NGRPS, because it is tested against the variable
> ngroups which comes from NGROUPS value.
>
> /* gids compose part of a credential; there may not be more than 16 of them
> */
> #define NGRPS 16
>
> In:
>
> sys/rpc/authunix_prot.c
> sys/rpc/svc_auth_unix.c
> usr.sbin/rpc.lockd/kern.c
> include/rpc/auth_unix.h
> lib/libc/rpc/PSD.doc/xdr.nts.ms
>
> Is there any critical issue in change the defs and recompile the kernel and
> the world?
It won't work unless you also change the clients and then you will be
sending invalid RPC packets over the wire. If you can live with that it
may well work. The real answer is switch to NFSv4 and GSSAPI
authentication where the group checking all takes place on the server
where it belongs in the first place.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20100414/265ef002/attachment.pgp
More information about the freebsd-hackers
mailing list