Re: [nfsv4] New version of NFSv4 multi-domain access draft (
James Lentini <jlentini@netapp.com> Tue, 05 October 2010 16:05 UTC
Return-Path: <jlentini@netapp.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 877EA3A6E25 for <nfsv4@core3.amsl.com>; Tue, 5 Oct 2010 09:05:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.563
X-Spam-Level:
X-Spam-Status: No, score=-5.563 tagged_above=-999 required=5 tests=[AWL=0.436, BAYES_00=-2.599, J_CHICKENPOX_46=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxBZGNHrnzXm for <nfsv4@core3.amsl.com>; Tue, 5 Oct 2010 09:05:42 -0700 (PDT)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by core3.amsl.com (Postfix) with ESMTP id EECED3A6CBE for <nfsv4@ietf.org>; Tue, 5 Oct 2010 09:05:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.57,284,1283756400"; d="scan'208";a="463167068"
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2-out.netapp.com with ESMTP; 05 Oct 2010 09:06:40 -0700
Received: from jlentini-linux.hq.netapp.com (jlentini-linux.hq.netapp.com [10.97.16.21]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id o95G6dWt016226; Tue, 5 Oct 2010 09:06:39 -0700 (PDT)
Date: Tue, 05 Oct 2010 12:06:39 -0400
From: James Lentini <jlentini@netapp.com>
X-X-Sender: jlentini@jlentini-linux.nane.netapp.com
To: "William A. (Andy) Adamson" <androsadamson@gmail.com>
In-Reply-To: <AANLkTik=VhHs-7Dk4tOV4Bq-RxpJ-9HmEcUycaehRc6s@mail.gmail.com>
Message-ID: <alpine.LFD.2.00.1010051203180.10194@jlentini-linux.nane.netapp.com>
References: <AANLkTik=VhHs-7Dk4tOV4Bq-RxpJ-9HmEcUycaehRc6s@mail.gmail.com>
User-Agent: Alpine 2.00 (LFD 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: NFSv4 <nfsv4@ietf.org>
Subject: Re: [nfsv4] New version of NFSv4 multi-domain access draft (
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Oct 2010 16:05:43 -0000
I will schedule time during the FedFS call on 10/28 for Andy to present this draft and give folks who have read it a chance to ask him questions in real time. -james On Thu, 30 Sep 2010, William A. (Andy) Adamson wrote: > Hello > > I uploaded a new version of our internet draft "NFSv4 Multi-Domain Access" > > http://www.ietf.org/id/draft-adamson-nfsv4-multi-domain-access-03.txt > > Please have a look and give us any feedback. > > There are a number of sections that need text. Here are some issues > that need discussion. > > 1) NFSv4 is not the only potential consumer. NFSv3, and SFTP, for > example. Do we mention these and/or other potential consumers. > > 2) Section 5.4.3. Resolving Domain Names to Domain IDs > > We need to have a common way to map Domain Names to Domain IDs. > Currently we have two suggestions > - Just use SIDs, first asking MSFT to allocate a suitable authority > for non-Windows domain SIDs. > - Store 96-bit numeric IDs > a) cast those to domain SIDs later. > b) define a non-SID large ID format > > 3) Section 6.1.2. RPCSEC_GSS Authorization Context Credential Data > > Do we want to define a new "PAC" for multi-domain access for those > implementations that don't provide the Windows PAC, or just insist > upon the use of the Microsoft PAC. > > 4) General review of section 6.3. User Group Membership Determination > - Do we depend upon 2307bis > - Do we require groups within groups > > 5) Do we need a section on service discovery. Two potential methods: > - Use local methods (configuration, DNS SRV RR lookups, ...) to > discover local domain's servers, then depend on LDAP referrals for > discovering all other domains' s > - Use DNS SRV RRs much the way AD does.ervers. > > > -->Andy > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 >
- [nfsv4] New version of NFSv4 multi-domain access … William A. (Andy) Adamson
- Re: [nfsv4] New version of NFSv4 multi-domain acc… James Lentini
- Re: [nfsv4] New version of NFSv4 multi-domain acc… Nicolas Williams
- Re: [nfsv4] New version of NFSv4 multi-domain acc… Everhart, Craig
- Re: [nfsv4] New version of NFSv4 multi-domain acc… William A. (Andy) Adamson