*BSD News Article 20188


Return to BSD News archive

Xref: sserve comp.os.386bsd.questions:4735 comp.os.386bsd.bugs:1296
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!darkstar.UCSC.EDU!cats.ucsc.edu!buhrow
From: buhrow@cats.ucsc.edu (Brian Buhrow)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.bugs
Subject: NETBSD 0.9 NFS AUTHENTICATION ( A PROBLEM)
Date: 30 Aug 1993 15:53:13 GMT
Organization: University of California; Santa Cruz
Lines: 35
Distribution: world
Message-ID: <25t7p9INN6lq@darkstar.UCSC.EDU>
NNTP-Posting-Host: hobbes.ucsc.edu



	Hello fellow 386bsd/netbsd/freebsd users.  I have a question regarding
the nfs client implementation on NetBSD-0.9.
	I have compiled various Kerberos IV programs to run under
NetBSD/386BSD to run on our athena cluster at the University of Santa Cruz.
These programs take the uid of the client and map it to a Kerberized
authenticated uid on the file servers.  For example, if you login to a
client machine as userid 4721 then you register with Kerberos as uid 4721,
the file server maps uid 4721 requests from the client, in this case the
NetBSD-0.9 machine, to authenticated uid 4721 on the file server.  This
also works if you are root on the client machine but register as uid 4721
on the file server.  Then, requests coming from root on the client get
mapped to uid 4721  on the Kerberized file server.
	So, here's my question.  When I compiled everything to run under
NetBSD-0.8, all went well.  Users were authenticated properly, people had
the proper permissions on their files, and no errors were generated from
the client side or the file server side.  When I compiled up NetBSD-0.9,
however, all the permissions seemed to work, the mappings worked fine, but,
whenever anyone accesses files on the file server, it complains about
weak authentication from the NetBSD client.  The basic problem is that
because we're running bit-mapped consoles on Sun IPC file servers, if you
generate over 1000 of these messages, the file server comes to its knees
and the users on that file server begin to complain.  Not to mention that
the nfs timeouts become too numerous to mention.
	Does anyone in the know of the basics of the 0.8 and 0.9 kernels know
what may have changed to cause this big problem?  Did someone try to use
effective uids in the ucred structures of the nfs requests rather than the
real uid?  Or, vice versa?  
	If anyone can help shed light on this matter, it would be most
appreciated.  Please mail responses to <buhrow@cats.ucsc.edu> because I
don't have time to grab all the responses off the net.
	If anyone else has had this problem, let me know.
-thanks