Tom Haynes wrote: > Andrew Gallatin wrote: >> >> Speaking of this, it seemed like there was confusion at the time >> of the original thread whether having the client prefer AUTH_NONE >> when AUTH_SYS was also offered is actually required by any standard. >> >> Recent OpenSolaris seems to be the only OS that does this, and >> doing so really feels like a bug. >> >> Drew > > The bug in OpenSolaris is that it does not consider the default security > flavor in /etc/nfssec.conf. > > You could consider that Linux also has a bug, as exports(5) states: > > For the purposes of security flavor negotiation, order counts: > preferred flavors should be listed first. > ... > > The Linux server is stating that it would prefer that the client uses > AUTH_NONE to > establish the mount. > > And the way the Linux client treats this is via nfs(5): > > If the sec option is not specified, or if sec=sys is specified, the > NFS client uses the AUTH_SYS > security flavor for all NFS requests on this mount point. > > It ignores the list of flavors (and indeed, not all of the flavors are > valid, at least not on my system). > > _______________________________________________ > nfs-discuss mailing list > nfs-discuss at opensolaris.org
So shortly after I sent this, we found out on the linux-nfs mailing list that their server team did consider this a bug and have fixed it. I've synced my Linux server up to a more recent image and AUTH_NONE is not being sent first as a valid security flavor. Not being sent at all actually. > commit 3c1bb23c0379864722e79d19f74c180edcf2c36e > Author: bc Wong <bcwong at cisco.com> > Date: Tue Mar 18 09:30:44 2008 -0400 See: http://www.spinics.net/lists/linux-nfs/msg08334.html
