--- Brian Parent bparent@calvin.ucsd.edu wrote:
Re:
Date: Thu, 16 Mar 2006 23:02:50 -0800 (PST)
From: Mike Eisler email2mre-toasters@yahoo.com
Subject: RE: NFSv4 [was: Re: Mixed Mode]
To: toasters@mathworks.com

-----Original Message-----
From: Brian Parent [mailto:bparent@calvin.ucsd.edu]
Sent: Thursday, March 16, 2006 4:04 PM
To: toasters@mathworks.com
Subject: NFSv4 [was: Re: Mixed Mode]
A year or so ago, I was successful in getting NFSv4 to work between an R100 (DOT 6.4.5) using CIFS and NFS and a Solaris 8 client. I don't
Do you mean NFSv4 or do you mean NFSv3 with Kerberos?
The thing is, Sun never shipped NFSv4 for Solaris 8. There was an early access NFSv4 implementation that predated Solaris 10, but I think it was only for Solaris 9, and wasn't generally available.
However, in Solaris before Solaris 10, you can specify:
vers=4
on the mount command line, and it will be accepted. That's because the mount command is internally changing the 4 to a 3.
I can't speak to the internals, as I haven't viewed the code, but I do recall that when using vers=4 in the mount option, I observed a change in the packets on the network. It was pretty clear that no packets were exchanged between the NFS client and server during the mount operation. The first packets exchanged were triggered only when file access was attempted.
Just checked with Solaris engineering. They did indeed first implement NFSv4 on Solaris 8, but it was a development build that should have never escaped Sun's premises.
There's no Kerberized NFS or NFSv4 in MacOS X.
I should have been specific: there's no Kerberized V5 NFS or NFSv4 in MacOS X.
We actually got kerberized NFS working between our filer and a MacOS X box running 10.3.9. In 10.4 (Tiger), Apple seemed to have removed some key libraries, and we're trying to work with Apple to get the libraries put back in.
Yes, Apple tells me that 10.3 had NFSv3 over AUTH_KERB4, using Kerberos V4 authentication. ONTAP never has had Kerberos V4.
Currently, we're using IPsec with non-kerberized NFS to deal with the vulnerabilities inherent in trusting IP addresses for authorization in an environment where network jacks in public places exist (e.g. most Universities).
How is the performance of this? Are you using AH or ESP?
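
The thread notes that a pre-Solaris 10 mount can accept vers=4 while actually running NFSv3, and that non-Kerberized mounts rest on IP-address trust. The following is an added example, not part of the original messages: it audits the options a client is really using by reading `nfsstat -m` text. The function names are hypothetical, the sample output is constructed, and the `Flags:` line layout and a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris) are assumptions.

```shell
#!/bin/sh
# Added example: compare requested NFS options with what the client uses.
# On a live client: nfsstat -m | audit_nfs_mounts 4 krb5

# audit_nfs_mounts WANT_VERS WANT_SEC_PREFIX   (hypothetical helper)
# Reads `nfsstat -m` text on stdin and prints one line per mount:
#   <mountpoint> vers=<n> sec=<flavor> OK|MISMATCH
# Returns 1 if any mount differs from what was requested.
audit_nfs_mounts() {
    awk -v want_vers="$1" -v want_sec="$2" '
        # Mount header line: "<mountpoint> from <server>:<path>"
        $2 == "from" { mnt = $1; next }
        # The Flags line lists the options in effect, not the ones typed
        $1 == "Flags:" {
            vers = "?"; sec = "?"
            n = split($2, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^vers=/) vers = substr(opt[i], 6)
                if (opt[i] ~ /^sec=/)  sec  = substr(opt[i], 5)
            }
            # sec must start with the wanted flavor (krb5 also matches krb5i)
            status = "MISMATCH"
            if (vers == want_vers && index(sec, want_sec) == 1) status = "OK"
            if (status == "MISMATCH") bad = 1
            printf "%s vers=%s sec=%s %s\n", mnt, vers, sec, status
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the first mount was requested as vers=4 but runs v3
# with AUTH_SYS; the second really is NFSv4 with Kerberos V5.
sample_nfsstat() {
    cat <<'EOF'
/mnt/home from filer1:/vol/home
 Flags:         vers=3,proto=tcp,sec=sys,hard,intr,rsize=32768,wsize=32768
 Attr cache:    acregmin=3,acregmax=60,acdirmin=30,acdirmax=60
/mnt/proj from filer1:/vol/proj
 Flags:         vers=4,proto=tcp,sec=krb5,hard,intr,rsize=32768,wsize=32768
EOF
}
```

Running `sample_nfsstat | audit_nfs_mounts 4 krb5` flags `/mnt/home` as a mismatch and passes `/mnt/proj`.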