git.baikalelectronics.ru Git - kernel.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Sat, 16 Mar 2013 19:56:20 +0000 (15:56 -0400)
committer	Trond Myklebust <Trond.Myklebust@netapp.com>
	Fri, 29 Mar 2013 19:45:22 +0000 (15:45 -0400)
commit	36fe49f6fbd4e281dea8561dd30122973e1a305e
tree	0b98de1389a22bea9f12f698f848b7cb63424f1c	tree \| snapshot
parent	7de7560b9112b2a4844ed9aaf6f71ba8b93048b6	commit \| diff

NFS: Use "krb5i" to establish NFSv4 state whenever possible

Currently our client uses AUTH_UNIX for state management on Kerberos
NFS mounts in some cases.  For example, if the first mount of a
server specifies "sec=sys," the SETCLIENTID operation is performed
with AUTH_UNIX.  Subsequent mounts using stronger security flavors
can not change the flavor used for lease establishment.  This might
be less security than an administrator was expecting.

Dave Noveck's migration issues draft recommends the use of an
integrity-protecting security flavor for the SETCLIENTID operation.
Let's ignore the mount's sec= setting and use krb5i as the default
security flavor for SETCLIENTID.

If our client can't establish a GSS context (eg. because it doesn't
have a keytab or the server doesn't support Kerberos) we fall back
to using AUTH_NULL.  For an operation that requires a
machine credential (which never represents a particular user)
AUTH_NULL is as secure as AUTH_UNIX.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

fs/nfs/nfs4client.c		diff \| blob \| history
fs/nfs/nfs4state.c		diff \| blob \| history