2003-03-09 19:58:28

by Steve Salazar

Subject: (no subject)

I have been reading the nfs documentation and mailing lists and it is not
clear to me whether the current nfs implementation supports kerberos
authentication or not. There is nothing about that in the howto but in the
mailing list I see repeated references to "NFS using RPCSEC_GSS". However,
I haven't found any documentation on this either.

This issue mentioned in the howto:

"But the root user on the client can still use su to become any other user
and access and change that users files!" say you. To which the answer is:
Yes, and that's the way it is, and has to be with Unix and NFS. This has one
important implication: All important binaries and files should be owned by
root, and not bin or other non-root account, since the only account the
clients root user cannot access is the servers root account.

will not work for our setup. We have kerberos in place for logins on
our linux/solaris/windows network and a kerberized samba but so far we have
no good solution for nfs since we will definitely need to allow local root
on the linux workstations on our network.

Could anyone point me at some good documentation on how to deploy nfs using
kerberos? Thanks in advance for any info.



_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2003-03-10 16:32:39

by Lever, Charles

Subject: RE: (no subject)

hi steve-

the limitation you point out below is real, and would be
addressed by Kerberos authentication. however...

Linux NFS does not support RPCSEC mechanisms in the stable
kernel at the moment. that support is going into the
development kernel (2.5) over the next few months, and
will be available in a stable kernel when 2.6 appears, at
least for NFSv4. if we're all very very good, RPCSEC may
also be supported for the older versions of NFS too.

> -----Original Message-----
> From: Steve Salazar [mailto:[email protected]]
> Sent: Sunday, March 09, 2003 2:58 PM
> To: [email protected]
> Subject: [NFS] (no subject)
>
> I have been reading the nfs documentation and mailing lists and it is not
> clear to me whether the current nfs implementation supports kerberos
> authentication or not. There is nothing about that in the howto but in the
> mailing list I see repeated references to "NFS using RPCSEC_GSS". However,
> I haven't found any documentation on this either.
>
> This issue mentioned in the howto:
>
> "But the root user on the client can still use su to become any other user
> and access and change that users files!" say you. To which the answer is:
> Yes, and that's the way it is, and has to be with Unix and NFS. This has one
> important implication: All important binaries and files should be owned by
> root, and not bin or other non-root account, since the only account the
> clients root user cannot access is the servers root account.
>
> will not work for our setup. We have kerberos in place for logins on
> our linux/solaris/windows network and a kerberized samba but so far we have
> no good solution for nfs since we will definitely need to allow local root
> on the linux workstations on our network.
>
> Could anyone point me at some good documentation on how to deploy nfs using
> kerberos? Thanks in advance for any info.
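The limitation discussed in the two messages above follows from the AUTH_SYS credential format (RFC 5531): uid, gid and supplementary gids are plain integers written by the client, with nothing the server can verify. The decoder below is an added example, not part of the original messages or of the Linux NFS code; the sample credentials and the host name `ws01` are constructed.

```python
import struct

# RPC authentication flavors from RFC 5531.
FLAVORS = {0: "AUTH_NONE", 1: "AUTH_SYS", 2: "AUTH_SHORT", 3: "AUTH_DH", 6: "RPCSEC_GSS"}


def _u32(buf, off):
    """Read one big-endian XDR unsigned int, return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated credential")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def parse_cred(buf):
    """Decode an RPC opaque_auth credential: flavor, length, body."""
    flavor, off = _u32(buf, 0)
    length, off = _u32(buf, off)
    if length > 400 or off + length > len(buf):   # opaque body<400>
        raise ValueError("bad credential length")
    body = buf[off:off + length]
    info = {"flavor": FLAVORS.get(flavor, f"unknown({flavor})"),
            "client_asserted_identity": flavor == 1}
    if flavor != 1:
        return info
    # authsys_parms: stamp, machinename<255>, uid, gid, gids<16>
    _stamp, p = _u32(body, 0)
    nlen, p = _u32(body, p)
    if nlen > 255 or p + nlen > len(body):
        raise ValueError("bad machinename length")
    info["machinename"] = body[p:p + nlen].decode("ascii", "replace")
    p += (nlen + 3) & ~3          # XDR pads strings to a 4-byte boundary
    info["uid"], p = _u32(body, p)
    info["gid"], p = _u32(body, p)
    ngids, p = _u32(body, p)
    if ngids > 16:
        raise ValueError("too many supplementary gids")
    info["gids"] = [_u32(body, p + 4 * i)[0] for i in range(ngids)]
    return info


# Constructed sample: an AUTH_SYS credential as a workstation would send it.
_name = b"ws01"
_body = struct.pack(">II", 0x1234, len(_name)) + _name + struct.pack(">IIII", 1000, 100, 1, 100)
SAMPLE_SYS = struct.pack(">II", 1, len(_body)) + _body
# Constructed sample: an RPCSEC_GSS credential header with an opaque 8-byte body.
SAMPLE_GSS = struct.pack(">II", 6, 8) + b"\x00" * 8

if __name__ == "__main__":
    print(parse_cred(SAMPLE_SYS))
    print(parse_cred(SAMPLE_GSS))
```

Every identity field the decoder returns for AUTH_SYS was chosen by the sending host, which is why a server exporting to workstations with local root cannot tell users apart on that flavor alone.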

2003-03-10 20:06:53

by Brent M. Clements

Subject: NFS Benchmarking tests?

What are some good NFS Benchmarking tests that I could run.

I already know the generic answers, such as use iozone, or use this or
that...Could I get some specifics? I need to test the throughput of 1
node, 16 nodes, 32 nodes and so on and so on.

Thanks,
Brent






2003-03-11 11:41:56

by Steve Dickson

Subject: Re: NFS Benchmarking tests?

Try http://www.cs.duke.edu/ari/fstress/

It seems to do a good job on server benchmarking.

SteveD.

Brent M. Clements wrote:

>What are some good NFS Benchmarking tests that I could run.
>
>I already know the generic answers, such as use iozone, or use this or
>that...Could I get some specifics? I need to test the throughput of 1
>node, 16 nodes, 32 nodes and so on and so on.
>
>Thanks,
>Brent

2003-03-11 21:26:18

by Wendy Cheng

Subject: Re: NFS Benchmarking tests?

Not sure how "specific" you like but SPECsfs97
has been adopted by many big name vendors:

http://www.spec.org/sfs97r1/

Wendy

----- Original Message -----

| Date: Mon, 10 Mar 2003 14:06:45 -0600 (CST)
| From: "Brent M. Clements" <[email protected]>
| To: <[email protected]>
| Subject: [NFS] NFS Benchmarking tests?
|
| What are some good NFS Benchmarking tests that I could run.
|
| I already know the generic answers, such as use iozone, or use this or
| that...Could I get some specifics? I need to test the throughput of 1
| node, 16 nodes, 32 nodes and so on and so on.
|
| Thanks,
| Brent

