The NFSv4 protocol allows clients to negotiate security protocols on the
fly in the case where an administrator on the server changes the export
settings and/or in the case where we may have a filesystem migration
event.
Instead of having the NFS client code cache credentials that are tied to
a particular AUTH method it is therefore preferable to have a generic
credential that can be converted into whatever AUTH is in use by the RPC
client when the read/write/sillyrename/... is put on the wire.
We do this by means of a new "generic" credential, which basically just
caches the minimal information that is needed to look up an RPCSEC_GSS,
AUTH_SYS, or AUTH_NULL credential.
We then ensure that when the rpc_init_task attempts to bind this
credential is bound to the task, it results in a lookup of a cred for
whatever auth mechanism is currently the default in task->tk_client.
--
Trond Myklebust
NFS client maintainer
NetApp
[email protected]
http://www.netapp.com