[nfsv4] New version of NFSv4 multi-domain access draft (
"William A. (Andy) Adamson" <androsadamson@gmail.com> Thu, 30 September 2010 17:39 UTC
Return-Path: <androsadamson@gmail.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D1C853A6D40 for <nfsv4@core3.amsl.com>; Thu, 30 Sep 2010 10:39:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_46=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3X-JBQ+B69Qy for <nfsv4@core3.amsl.com>; Thu, 30 Sep 2010 10:39:38 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id D33AE3A6D36 for <nfsv4@ietf.org>; Thu, 30 Sep 2010 10:39:37 -0700 (PDT)
Received: by iwn3 with SMTP id 3so3252153iwn.31 for <nfsv4@ietf.org>; Thu, 30 Sep 2010 10:40:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=UpI+S0wSMFocfVHUBIktlqucGd4U6eaCY3jIaHp8Ln4=; b=FC2I+fBwJy+SSTRW2bS/ycXH4ZLGR6KE+AGBOqqO2IPfxzmDGk8Uinp0FOPKkZE5hU vVqCuietMIYF5W3ypL6/wDsOGpjewCL51XIPvFsxjI3mkgqr+/aLD+eBqHe4UGaIhPUx 78Sjow7mCfQRpghQr1Fvj+RacrBhFoKOoK1Bo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=CeyiP8fVWOoFUWP92yKwslZUXr+8qQM7tJHsI+kjpZd6Tl+rsk0v3KAZojlgUysfOY HZax1GPYC1kKSB4wOlE3WsV+8dTnRV4Jlg5V8Xb9ssXEy2QPpH7PesjqHSp85rAbnNvv JQiwQw8jNH6IsC6QPzqx4hxYPLCqLOg5KL4hw=
MIME-Version: 1.0
Received: by 10.231.30.134 with SMTP id u6mr4071142ibc.121.1285868423801; Thu, 30 Sep 2010 10:40:23 -0700 (PDT)
Received: by 10.231.10.67 with HTTP; Thu, 30 Sep 2010 10:40:23 -0700 (PDT)
Date: Thu, 30 Sep 2010 13:40:23 -0400
Message-ID: <AANLkTik=VhHs-7Dk4tOV4Bq-RxpJ-9HmEcUycaehRc6s@mail.gmail.com>
From: "William A. (Andy) Adamson" <androsadamson@gmail.com>
To: NFSv4 <nfsv4@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [nfsv4] New version of NFSv4 multi-domain access draft (
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Sep 2010 17:39:39 -0000
Hello I uploaded a new version of our internet draft "NFSv4 Multi-Domain Access" http://www.ietf.org/id/draft-adamson-nfsv4-multi-domain-access-03.txt Please have a look and give us any feedback. There are a number of sections that need text. Here are some issues that need discussion. 1) NFSv4 is not the only potential consumer. NFSv3, and SFTP, for example. Do we mention these and/or other potential consumers. 2) Section 5.4.3. Resolving Domain Names to Domain IDs We need to have a common way to map Domain Names to Domain IDs. Currently we have two suggestions - Just use SIDs, first asking MSFT to allocate a suitable authority for non-Windows domain SIDs. - Store 96-bit numeric IDs a) cast those to domain SIDs later. b) define a non-SID large ID format 3) Section 6.1.2. RPCSEC_GSS Authorization Context Credential Data Do we want to define a new "PAC" for multi-domain access for those implementations that don't provide the Windows PAC, or just insist upon the use of the Microsoft PAC. 4) General review of section 6.3. User Group Membership Determination - Do we depend upon 2307bis - Do we require groups within groups 5) Do we need a section on service discovery. Two potential methods: - Use local methods (configuration, DNS SRV RR lookups, ...) to discover local domain's servers, then depend on LDAP referrals for discovering all other domains' s - Use DNS SRV RRs much the way AD does.ervers. -->Andy
- [nfsv4] New version of NFSv4 multi-domain access … William A. (Andy) Adamson
- Re: [nfsv4] New version of NFSv4 multi-domain acc… James Lentini
- Re: [nfsv4] New version of NFSv4 multi-domain acc… Nicolas Williams
- Re: [nfsv4] New version of NFSv4 multi-domain acc… Everhart, Craig
- Re: [nfsv4] New version of NFSv4 multi-domain acc… William A. (Andy) Adamson