
Re: Trying to debug nfs install issue, increase verbosity of nfs server?




Patrice Dumas wrote:
> On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote:
> 
>> The discussion about the fact that mountd (statd) no longer accepts connections from
>> unknown IP addresses (similar to other system daemons) due to a "fix" in the tcp
>> wrapper code is at:
> 
> This is not a change in tcp_wrapper, but in nfs-utils. And as far as I 
> can tell this is not already upstream, so this looks like (but I may
> be wrong) a Fedora-specific change in mountd.
> 
> I think that it is a very questionable change. Maybe it makes sense 
> for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it 
> doesn't make sense to me, since there is no security at all in any 
> case.
> 
> I may very well be missing something, though.
> 
>> Through some side bar discussion it's been suggested that an update to
>> the man page is probably needed (which I agree) and maybe a flag
>> of some sort to allow unknown IP address access. I must admit, I'm
>> a bit hesitant to do the latter, since I don't think it's a good idea
>> to allow unknown client access to any system daemon... 
> 
> Why not? Forcing reverse DNS lookup to be working seems to me to be 
> quite extreme. In a typical local network, for NFSv3, not having 
> reverse lookup working for clients seems quite natural to me, especially
> on NATed networks.
hmm... the real need for the lookup is so the 'mountd: <hostname>' in
either /etc/hosts.deny/allow will work... so I guess the idea of 
not doing the tcp wrappers check at all might be the answer...

steved.
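
The dependency described in the reply above, as an added example that is not part of the original thread and is not code from nfs-utils or tcp_wrappers: a simplified Python model of hosts_access(5) client matching, showing that a hostname rule for mountd cannot match a client with no reverse DNS entry while an address-prefix rule can. The PTR table, host names and addresses are constructed, and only IPv4 addresses with the ALL, UNKNOWN, hostname, domain-suffix and address-prefix patterns are modelled.

```python
import re

# Constructed stand-in for reverse DNS: 192.168.1.77 has no PTR record.
PTR_TABLE = {"192.168.1.10": "ws1.lab.example"}

def reverse_name(addr, ptr=PTR_TABLE):
    """Hostname for addr, or 'unknown' when the reverse lookup fails."""
    return ptr.get(addr, "unknown")

def pattern_matches(pattern, addr, name):
    """Match one client pattern (simplified subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern == "UNKNOWN":
        return name == "unknown"
    if pattern.endswith("."):                 # address prefix: "192.168.1."
        return addr.startswith(pattern)
    if pattern[0].isdigit():                  # full IPv4 address
        return addr == pattern
    if name == "unknown":                     # name patterns need a resolved name
        return False
    if pattern.startswith("."):               # domain suffix: ".lab.example"
        return name.lower().endswith(pattern.lower())
    return name.lower() == pattern.lower()

def rule_hits(rules, daemon, addr, name):
    """True if any 'daemons : clients' line in rules covers this client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        if not {daemon, "ALL"} & set(re.split(r"[,\s]+", daemons)):
            continue
        if any(pattern_matches(p, addr, name)
               for p in re.split(r"[,\s]+", clients) if p):
            return True
    return False

def access(allow, deny, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; the default is allow."""
    name = reverse_name(addr)
    if rule_hits(allow, daemon, addr, name):
        return "allow"
    return "deny" if rule_hits(deny, daemon, addr, name) else "allow"

BY_NAME = "mountd: .lab.example"   # constructed hosts.allow, hostname rule
BY_ADDR = "mountd: 192.168.1."     # constructed hosts.allow, address rule
DENY_ALL = "mountd: ALL"           # constructed hosts.deny
```

With `DENY_ALL` in place, `access(BY_NAME, DENY_ALL, "mountd", "192.168.1.77")` denies the client that has no PTR record, while the same call with `BY_ADDR` allows it.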

