[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Trying to debug nfs install issue, increase verbosity of nfs server?



On Mon, Jan 19, 2009 at 4:06 PM, Patrice Dumas <pertusus free fr> wrote:
On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote:

> The discussion about the fact mountd (statd) no longer accept connections from
> unknown IP address (similar to other system daemon) due to a "fix" in the tcp
> wrapper code is at:

This is not a change in tcp_wrapper, but in nfs-utils. And as far as I
can tell this is not already upstream, so this looks like (but I may
be wrong) a fedora specific change in mountd.

I think that it is a very questionable change. Maybe it makes sense
for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it
doesn't make sense to me, since there is no security at all in any
case.

I may very well be missing something, though.


In fact the control is in mountd.  In  nfs-utils-1.1.4-6 in FC10 ./utils/mountd/auth.c call
auth_authenticate which call client_resolve that do the check forward/reverse lookup via the
call to get_reliable_hostbyaddr in ./support/export/hostname.c.  And this is in the upstream release.

Regards


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]