> At last I've actually produced some code, and here it is.
>
> The user side of it hasn't been done yet, except enough to make it compile and
> run with the old-style explicit host entries.
>
> Basically, the kernel with this patch keeps a separate list of subnet exports,
> and whenever a remote IP address isn't found in the normal hash table, the
> subnet list is checked. If a match is then found, the corresponding host entry
> is automatically added to the hash table, and the request is authenticated.
>
> Previously, new host entries would only be added by the user-space kmountd when
> the host in question sent a mount request. If the rmtab was missing or corrupt,
> then hosts could lose their authenticated status, and complain of "Stale NFS
> file handle"s when the server restarted, and would not get re-authenticated
> unless they unmounted and remounted the filesystem, which wasn't always
> possible.
And this only covers the special case of subnet exports, not NIS group
exports, dns domain wildcard exports, ..... Adding all these to the kernel
is not possible (and not desirable). Matching the traditional Unix kernel
design rule of providing "mechanism not policy" I think it is best to add
some call back mechanism, where the kernel can ask user space to
reauthenticate before refusing a file handle. mountd could handle this
too, e.g. via a netlink socket.
Doing it in the kernel is the wrong way IMHO.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/