forked from Minki/linux
04716e6621
RFC 2623 section 2.3.2 permits the server to bypass gss authentication checks for certain operations that a client may perform when mounting. In the case of a client that doesn't have some form of credentials available to it on boot, this allows it to perform the mount unattended. (Presumably real file access won't be needed until a user with credentials logs in.) Being slightly more lenient allows lots of old clients to access krb5-only exports, with the only loss being a small amount of information leaked about the root directory of the export. This affects only v2 and v3; v4 still requires authentication for all access. Thanks to Peter Staubach testing against a Solaris client, which suggesting addition of v3 getattr, to the list, and to Trond for noting that doing so exposes no additional information. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: Peter Staubach <staubach@redhat.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> |
||
|---|---|---|
| .. | ||
| auth.c | ||
| auth.h | ||
| export.c | ||
| lockd.c | ||
| Makefile | ||
| nfs2acl.c | ||
| nfs3acl.c | ||
| nfs3proc.c | ||
| nfs3xdr.c | ||
| nfs4acl.c | ||
| nfs4callback.c | ||
| nfs4idmap.c | ||
| nfs4proc.c | ||
| nfs4recover.c | ||
| nfs4state.c | ||
| nfs4xdr.c | ||
| nfscache.c | ||
| nfsctl.c | ||
| nfsfh.c | ||
| nfsproc.c | ||
| nfssvc.c | ||
| nfsxdr.c | ||
| stats.c | ||
| vfs.c | ||