At 12:19 PM 6/24/2005, Roland Dreier wrote: >It seems far preferable to me to just define the wire protocol of >NFS/RDMA for IB such that a client passes its IP address as part of >the connection request. This scheme was used for SDP to avoid >precisely the complications that we're discussing now.
But that's totally and completely insecure. The goal of /etc/exports is to place at least part of the client authentication in the network rather than the supplied credentials. NFS has quite enough of a history with AUTH_SYS to prove the issues there. Some of the exports options (e.g. the *_squash ones) are specifically because of this. I don't care about ATS either, by the way. I'm looking for an interoperable alternative. Tom. _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general