
Re: Trying to debug nfs install issue, increase verbosity of nfs server?



On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote:

> The discussion about the fact mountd (statd) no longer accepts connections from
> unknown IP addresses (similar to other system daemons) due to a "fix" in the tcp
> wrapper code is at:

This is not a change in tcp_wrapper, but in nfs-utils. And as far as I 
can tell this is not already upstream, so this looks like (but I may
be wrong) a Fedora-specific change in mountd.

I think that it is a very questionable change. Maybe it makes sense 
for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it 
doesn't make sense to me, since there is no security at all in any 
case.

I may very well be missing something, though.

> Through some sidebar discussion it's been suggested an update to
> the man page is probably needed (which I agree) and maybe a flag
> of some sort to allow unknown IP address access. I must admit, I'm
> a bit hesitant to do the latter, since I don't think it's a good idea
> to allow unknown client access to any system daemon...

Why not? Forcing reverse DNS lookup to be working seems to me to be 
quite extreme. In a typical local network, for NFSv3, not having 
reverse lookup working for clients seems quite natural to me, especially
on NATed networks.

--
Pat

