The use of --manage-gids for rpc.mountd does not break the standard for a number of reasons.
- both the client and the server still send and receive up to 16 secondary groups per the standard. - This option to ignore the supplemental groups is not the default. We have both a debian server and a SUN Thumper server . Both use LDAP for authentication. When we use --manage-gids on the debian server, the UID from the AUTH_SYS is checked for group membership with LDAP. This partial server-side authentication is much preferred. The 16 groups sent by the client for AUTH-SYS are ignored. But our solaris machine is just broke because of AUTH_SYS. Although we have tight network control of our NFS clients which are all LDAP clients, we would rather have the server use LDAP to identify groups thus eliminating both the 16 group NFS problem and the 32 group Solaris maximum. We can not turn all the NFS cients to NFSv4 for many reasons. As mentioned above, AUTH_SYS can still be used for nfsv4. So it seems like a very good thing to implement --manage-gids. We are forced to replace our thumper, or install Debian Linux or a Linux with rpc.mountd >= 1.1.2 if this is possible with SUN hardware. PLEASE, for LDAP shops --manage-gids is a nice improvement to rpc.mountd. Thank you -- This message posted from opensolaris.org _______________________________________________ nfs-discuss mailing list [email protected]
