From: Tom Haynes Subject: Re: Security negotiation Date: Tue, 14 Jul 2009 13:24:24 -0500 Message-ID: <4A5CCD58.7080001@excfb.com> References: <4A578372.1020005@excfb.com> <4A57AADE.8080002@excfb.com> <20090713174136.GA20884@fieldses.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Cc: Chuck Lever , Linux NFS Mailing List To: "J. Bruce Fields" Return-path: Received: from eastrmmtao105.cox.net ([68.230.240.47]:46558 "EHLO eastrmmtao105.cox.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753665AbZGNSYa (ORCPT ); Tue, 14 Jul 2009 14:24:30 -0400 In-Reply-To: <20090713174136.GA20884@fieldses.org> Sender: linux-nfs-owner@vger.kernel.org List-ID: J. Bruce Fields wrote: > Yeah, that was a linux mountd bug. Fixed by the below. And note the > rfc language it mentions: > > "For this reason, a NFS client SHOULD use the first flavor in the > list that it supports, on the assumption that the best access is > provided by the first flavor. NFS servers that support the > ability to export file systems with multiple security flavors > SHOULD either present the best accessing flavor first to the > client, or leave the order under the control of the system > administrator." > > Of course we may still be stuck with buggy servers, so perhaps a careful > client will still want to handle auth_null at least specially.... > > Hey Chuck and Bruce, Thanks for the discussion on this subject, it really helped us by understanding what the Linux client and server was doing. Tom