Feature #5296
Support for more than 16 groups with AUTH_SYS
| Status: | Closed | Start date: | 2014-11-07 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Marcel Telka | % Done: | 100% | |
| Category: | nfs - NFS server and client | |||
| Target version: | - | |||
| Difficulty: | Medium | Tags: | needs-triage |
Description
We need the support for more than 16 groups with AUTH_SYS security in NFS. Something similar as is documented here for Solaris 11.1:
http://docs.oracle.com/cd/E26502_01/html/E29022/chapter2-4.html#gjmtw
http://www.c0t0d0s0.org/archives/7634-Less-known-Solaris-11.1-features-A-user-in-1024-groups-and-a-workaround-for-a-25-year-old-problem.html
Related issues
History
#1
Updated by Marcel Telka over 1 year ago
The implementation will use similar architecture as it was used for the uidmap/gidmap implementation (#4943). When the incoming AUTH_SYS credential will contain 16 groups, and the ngroups_max is set to more than 16, the in-kernel NFS server will ask mountd using the local nfsauth protocol (via doors) for the additional groups. The mountd will consult nss services to obtain the complete list of groups for the particular user and pass them back down to kernel.
#2
Updated by Electric Monk over 1 year ago
- % Done changed from 0 to 100
- Status changed from In Progress to Closed
git commit 89621fe174cf95ae903df6ceab605bf24d696ac3
commit 89621fe174cf95ae903df6ceab605bf24d696ac3
Author: Marcel Telka <marcel.telka@nexenta.com>
Date: 2014-11-25T20:31:18.000Z
5296 Support for more than 16 groups with AUTH_SYS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
#3
Updated by Marcel Telka 9 months ago
- Related to Bug #6458: nfsauth_cache_get() deadlock with kmem reap thread added
#4
Updated by Marcel Telka 4 months ago
- Related to Bug #6770: nfsauth_retrieve() flood caused by NFS clients with personal identity problems added
Also available in: Atom