NFSv3 supports both auth_sys (traditional) and rpcsec_gss (Kerberos) authentication. The latter has no 16 gids limit, but might require multiple changes in your environment to support cron jobs, unattended batch, etc.


-----Original Message-----
From: Steve Losen [scl@virginia.edu]
Sent: Friday, February 08, 2013 01:47 PM GMT Standard Time
To: toasters@teaparty.net
Subject: Nifty ONTAP option nfs.max_num_aux_groups


Hi folks,

We tend to use unix style security on shares that are accessed
via both NFS and CIFS.  Being a university we have a large number
of users and groups, and some folks belong to numerous groups.
(We use group permissions for shared projects and some folks
are members of many unix groups.)

We use NFS v3 exclusively and the auxiliary group list is passed
by the NFS client in each NFS packet, and it is limited to 16 groups.
This is rather inconvenient for some NFS users.  Does anyone know
if this is a hard NFS v3 limit?

For CIFS we authenticate via a Windows domain and the CIFS credentials
are mapped to Unix credentials for unix style security.  We noticed
with "cifs shares -s username" that folks were being limited to
32 unix groups.  I have discovered that you can do this:

options nfs.max_num_aux_groups 256

(The only legal values are 32 and 256; we have DOT 8.0.1 7-Mode.)

and now our CIFS users who belong to over 32 unix groups are getting
all their groups.  No help for NFS v3 but this will make several
of our CIFS users happy.

Steve Losen   scl@virginia.edu    phone: 434-924-0640

University of Virginia               ITC Unix Support
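
An added example, not part of either message above: the AUTH_SYS credential that an NFSv3 client puts in each RPC call, encoded and parsed per the authsys_parms structure in RFC 5531 (Appendix A), where the auxiliary group array is declared as gids<16>. The helper names, the sample uid/gids and the "client keeps the first 16 groups" truncation are assumptions made for illustration.

```python
import struct

AUTH_SYS_MAX_GIDS = 16  # gids<16> in authsys_parms (RFC 5531, Appendix A)

def _xdr_string(s: bytes) -> bytes:
    """XDR variable-length string: length word, bytes, zero pad to 4."""
    return struct.pack(">I", len(s)) + s + b"\x00" * (-len(s) % 4)

def encode_authsys(stamp, machine, uid, gid, gids):
    """Build an AUTH_SYS credential body; return (body, dropped_gids).

    Assumption: the client sends the first 16 auxiliary gids and drops
    the rest, so the server never sees the dropped memberships.
    """
    if len(machine) > 255:
        raise ValueError("machinename is limited to 255 bytes")
    sent, dropped = gids[:AUTH_SYS_MAX_GIDS], gids[AUTH_SYS_MAX_GIDS:]
    body = struct.pack(">I", stamp) + _xdr_string(machine)
    body += struct.pack(">III", uid, gid, len(sent))
    body += struct.pack(">%dI" % len(sent), *sent)
    return body, dropped

def decode_authsys(body: bytes) -> dict:
    """Parse a credential body as a server would, enforcing gids<16>."""
    stamp, name_len = struct.unpack_from(">II", body, 0)
    if name_len > 255:
        raise ValueError("machinename length %d exceeds 255" % name_len)
    off = 8
    machine = body[off:off + name_len]
    off += name_len + (-name_len % 4)  # skip XDR padding
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > AUTH_SYS_MAX_GIDS:
        raise ValueError("gid count %d exceeds AUTH_SYS limit" % count)
    gids = list(struct.unpack_from(">%dI" % count, body, off))
    return {"stamp": stamp, "machine": machine, "uid": uid,
            "gid": gid, "gids": gids}

if __name__ == "__main__":
    # Constructed sample: a user who belongs to 20 auxiliary groups.
    groups = list(range(5000, 5020))
    body, dropped = encode_authsys(0, b"client1", 1234, 100, groups)
    cred = decode_authsys(body)
    print("bytes on the wire:", len(body))
    print("groups the server sees:", len(cred["gids"]))
    print("groups never sent:", dropped)
```

Any file whose access depends on one of the groups that was never sent is evaluated as if the user were not a member.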

