Return to BSD News archive
Xref: sserve comp.os.386bsd.questions:4735 comp.os.386bsd.bugs:1296 Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!darkstar.UCSC.EDU!cats.ucsc.edu!buhrow From: buhrow@cats.ucsc.edu (Brian Buhrow) Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.bugs Subject: NETBSD 0.9 NFS AUTHENTICATION ( A PROBLEM) Date: 30 Aug 1993 15:53:13 GMT Organization: University of California; Santa Cruz Lines: 35 Distribution: world Message-ID: <25t7p9INN6lq@darkstar.UCSC.EDU> NNTP-Posting-Host: hobbes.ucsc.edu Hello fellow 386bsd/netbsd/freebsd users. I have a question regarding the nfs client implementation on NetBSD-0.9. I have compiled various Kerberos IV programs to run under NetBSD/386BSD to run on our athena cluster at the University of Santa Cruz. These programs take the uid of the client and map it to a Kerberized authenticated uid on the file servers. For example, if you login to a client machine as userid 4721 then you register with Kerberos as uid 4721, the file server maps uid 4721 requests from the client, in this case the NetBSD-0.9 machine, to authenticated uid 4721 on the file server. This also works if you are root on the client machine but register as uid 4721 on the file server. Then, requests coming from root on the client get mapped to uid 4721 on the Kerberized file server. So, here's my question. When I compiled everything to run under NetBSD-0.8, all went well. Users were authenticated properly, people had the proper permissions on their files, and no errors were generated from the client side or the file server side. When I compiled up NetBSD-0.9, however, all the permissions seemed to work, the mappings worked fine, but, whenever anyone accesses files on the file server, it complains about weak authentication from the NetBSD client. The basic problem is that because we're running bit-mapped consoles on Sun IPC file servers, if you generate over 1000 of these messages, the file server comes to its knees and the users on that file server begin to complain. Not to mention that the nfs timeouts become too numerous to mention. Does anyone in the know of the basics of the 0.8 and 0.9 kernels know what may have changed to cause this big problem? Did someone try to use effective uids in the ucred structures of the nfs requests rather than the real uid? Or, vice versa? If anyone can help shed light on this matter, it would be most appreciated. Please mail responses to <buhrow@cats.ucsc.edu> because I don't have time to grab all the responses off the net. If anyone else has had this problem, let me know. -thanks