Return-Path:
Received: from blade3.isti.cnr.it ([194.119.192.19]:56772 "EHLO BLADE3.ISTI.CNR.IT" rhost-flags-OK-OK-OK-OK)
 by vger.kernel.org with ESMTP id S1754706Ab0K2Wsh (ORCPT ); Mon, 29 Nov 2010 17:48:37 -0500
Received: from SCRIPT-SPFWL-DAEMON.mx.isti.cnr.it by mx.isti.cnr.it (PMDF V6.5 #31825)
 id <01NUUI24WZOWLKRHSU@mx.isti.cnr.it> for linux-nfs@vger.kernel.org; Mon, 29 Nov 2010 23:47:27 +0100 (MET)
Received: from conversionlocal.isti.cnr.it by mx.isti.cnr.it (PMDF V6.5 #31825)
 id <01NUUI23HPSGLS5SU7@mx.isti.cnr.it> for linux-nfs@vger.kernel.org; Mon, 29 Nov 2010 23:47:25 +0100 (MET)
Received: from [151.82.44.231] by mx.isti.cnr.it (PMDF V6.5 #31826) with ESMTPSA
 id <01NUUI20AJA2LPPCPJ@mx.isti.cnr.it> for linux-nfs@vger.kernel.org; Mon, 29 Nov 2010 23:47:22 +0100 (MET)
Date: Mon, 29 Nov 2010 23:47:20 +0100
From: Spelic
Subject: Re: NFSv4 behaviour on unknown users
In-reply-to: <20101129195010.GA6423@hostway.ca>
To: linux-nfs@vger.kernel.org
Message-id: <4CF42D78.3010604@shiftmail.org>
Content-type: text/plain; format=flowed; charset=ISO-8859-1
References: <4CF3E3AD.2040502@shiftmail.org> <20101129195010.GA6423@hostway.ca>
Sender: linux-nfs-owner@vger.kernel.org
List-ID:
MIME-Version: 1.0

On 11/29/2010 08:50 PM, Simon Kirby wrote:
> ...
> I tried to write the NFSv4 spec people, but didn't get any reply. I can
> see maybe why they would want to do this by default, but it's not like
> people don't already have years of experience with how NFSv3 and earlier
> worked, and I still think should at least be a way to request that
> behaviour.
>

Yeah!!! currently it sucks...
er... I don't understand... never before I came across a "new version" of a software or a protocol which allows to do many fewer things than the older version. This sucks. Lots of use cases for NFS here are totally lost.

I'm thinking that even if I'd set up LDAP for everything here, things would not be easy, because we have server1 which has certain users and groups, server2+server3 which are for a different project and have different users and groups etc... and now we need to have the NFS server understand all those sets of users simultaneously, but the various servers only need to understand theirs and the other people should not be able to log in! Maybe it's possible (I don't know how), but looks like a major headache.

And now we probably cannot even have more than one LDAP server any longer: all LDAP probably needs to be centralized on a single machine which is where the NFS server(s) authenticate... it looks like a real problem for the independence of projects... and I really fear to think of what will happen if that machine fails!

I'd be glad to go back to NFS version 3 but we need NFS on InfiniBand RDMA now, and afaik it's only available in version 4.

If it's still possible to change the specs or break them, well... you sure have my vote!

Thank you
S.