[openib-general] mapping between IP address and device name

Talpey, Thomas Thomas.Talpey at netapp.com
Fri Jun 24 10:22:44 PDT 2005


At 12:42 PM 6/24/2005, Roland Dreier wrote:
>    Thomas> But that's totally and completely insecure. The goal of
>    Thomas> /etc/exports is to place at least part of the client
>    Thomas> authentication in the network rather than the supplied
>    Thomas> credentials. NFS has quite enough of a history with
>    Thomas> AUTH_SYS to prove the issues there. Some of the exports
>    Thomas> options (e.g. the *_squash ones) are specifically because
>    Thomas> of this.
>
>ATS is completely insecure too, right?  A client can create any old
>service record in the subnet administrator's database and claim that
>its GID has whatever IP address it wants.

As I said - I am not attached to ATS. I would welcome an alternative.

But in the absence of one, I like what we have. Also, I do not want
to saddle the NFS/RDMA transport with carrying an IP address purely
for the benefit of a missing transport facility. After all, NFS/RDMA works
on iWARP too.

Tom.


