> On 16 Apr 2018, at 15:12, Rick Macklem <rmack...@uoguelph.ca> wrote: > > Julian Elischer wrote: >> On 16/4/18 6:37 pm, Julian Elischer wrote: >>> Windows users seem to have an almost unlimited number of groups and >>> soem places seem to use them a LOT. >>> This gives Posix systems problems with deciding how to handle them >>> all. Especially when getting >>> user credentials from winbindd (samba). >>> >>> Does anyone know of any work done to either bypass this limit or to >>> at least expand it? >> >> I mean with the other applications such NFS usages etc. >> I know mountd explodes with > 16.. has anyone done a cleaning pass? > 16 is the limit "on-the-wire" per RFCs for Sun RPC. You can use > nfsuserd --manage-gids (see "man nfsuserd") > on the NFS server so that the daemon uses the group list for the uid in the > RPC instead of the list of groups (limited to 16) in the RPC header. Works > fine so > long as the server knows the same group list for a uid as the client(s) do. > > And, yes, this applies to NFSv3 as well as NFSv4. >
it is not entirely exact. The number of supplemental groups is the limit of AUTH_SYS (aka AUTH_UNIX) authentication mechanism used by ONC+ RPC. So anything using/supporting this auth mechanism, has this limit too. Therefore, on paper, there is 2 possible ways to overcome the issue - either use alternate authentication mechanism (such as AUTH_GSS), or implement workaround for AUTH_SYS. rgds, toomas _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
