On Thu, 23 Apr 2009 07:34:45 +0200, Tom Haynes <Thomas.Haynes at sun.com> wrote:
> The credentials problem is a known bug. > > I just can't find the bug number right now. > > I *think* if you say: > > mount -o sec=sys ...... > > it will start working as expected. > > There was a recent change to add server support for sec=none and the Linux > client hands it out first if no security flavor is supplied. > > So, if you supply your flavor, you should not see the issue. yes, in build 108 we integrated real kernel RPC support for AUTH_NONE, previously it was silently matched and handled as AUTH_SYS 6790413 AUTH_NONE implementation in kernel RPC http://bugs.opensolaris.org/view_bug.do?bug_id=6790413 it appears that the linux server as default has sec=none before sec=sys in the share so we'd start using real AUTH_NONE support for the mount and future access causing following problems 6828396 snv_111 sends wrong uid/gid to Linux NFSv3 server http://bugs.opensolaris.org/view_bug.do?bug_id=6828396 since AUTH_NONE is the first security flavour our client gets from the Linux server during mount, our client will then use AUTH_NONE for future access of course and will fail as described in 6828396 using sec=sys as either the first flavour or leave out sec=none completely brings us back to AUTH_SYS. sample snoop to illustrate the problem: 5 0.00156 solaris-client -> linux-server MOUNT3 C Mount /v3-server-test 6 0.00859 linux-server -> solaris-client MOUNT3 R Mount OK FH=5F67 Auth=none,unix,390003,390004,390005 --- frankB
