Feature #5296
closed
Support for more than 16 groups with AUTH_SYS
100%
Description
We need the support for more than 16 groups with AUTH_SYS security in NFS. Something similar as is documented here for Solaris 11.1:
http://docs.oracle.com/cd/E26502_01/html/E29022/chapter2-4.html#gjmtw
http://www.c0t0d0s0.org/archives/7634-Less-known-Solaris-11.1-features-A-user-in-1024-groups-and-a-workaround-for-a-25-year-old-problem.html
Related issues
Updated by Marcel Telka over 8 years ago
The implementation will use similar architecture as it was used for the uidmap/gidmap implementation (#4943). When the incoming AUTH_SYS credential will contain 16 groups, and the ngroups_max is set to more than 16, the in-kernel NFS server will ask mountd using the local nfsauth protocol (via doors) for the additional groups. The mountd will consult nss services to obtain the complete list of groups for the particular user and pass them back down to kernel.
Updated by Electric Monk over 8 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit 89621fe174cf95ae903df6ceab605bf24d696ac3
commit 89621fe174cf95ae903df6ceab605bf24d696ac3
Author: Marcel Telka <marcel.telka@nexenta.com>
Date: 2014-11-25T20:31:18.000Z
5296 Support for more than 16 groups with AUTH_SYS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
Updated by Marcel Telka over 7 years ago
- Related to Bug #6458: nfsauth_cache_get() deadlock with kmem reap thread added
Updated by Marcel Telka about 7 years ago
- Related to Bug #6770: nfsauth_retrieve() flood caused by NFS clients with personal identity problems added