Trying to debug nfs install issue, increase verbosity of nfs server?
Patrice Dumas
pertusus at free.fr
Mon Jan 19 15:06:07 UTC 2009
On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote:
> The discussion about the fact mountd (statd) no longer accept connections from
> unknown IP address (similar to other system daemon) due to a "fix" in the tcp
> wrapper code is at:
This is not a change in tcp_wrapper, but in nfs-utils. And as far as I
can tell this is not already upstream, so this looks like (but I may
be wrong) a fedora specific change in mountd.
I think that it is a very questionable change. Maybe it makes sense
for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it
doesn't make sense to me, since there is no security at all in any
case.
I may very well be missing something, though.
> Through some side bar discussion it been suggested an update to
> the man page is probably need (which I agree) and maybe a flag
> of some sort to allow unknown IP address access. I must admit, I'm
> a bit hesitant to do the later, since I don't think its a good idea
> to allow unknown client access any system daemon...
Why not? Forcing reverse DNS lookup to be working seems to me to be
quite extreme. In a typical local network, for NFSv3, not having
reverse lookup working for clients seems quite natural to me, especially
on NATed networks.
--
Pat
More information about the fedora-devel-list
mailing list