[openib-general] mapping between IP address and device name

Talpey, Thomas Thomas.Talpey at netapp.com
Fri Jun 24 09:34:41 PDT 2005


At 12:19 PM 6/24/2005, Roland Dreier wrote:
>It seems far preferable to me to just define the wire protocol of
>NFS/RDMA for IB such that a client passes its IP address as part of
>the connection request.  This scheme was used for SDP to avoid
>precisely the complications that we're discussing now.

But that's totally and completely insecure. The goal of /etc/exports
is to place at least part of the client authentication in the network
rather than the supplied credentials. NFS has quite enough of a
history with AUTH_SYS to prove the issues there. Some of the
exports options (e.g. the *_squash ones) are specifically because
of this.

I don't care about ATS either, by the way. I'm looking for an
interoperable alternative.

Tom.



More information about the general mailing list