* [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain
@ 2016-08-18 18:37 Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed Steve Dickson
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Steve Dickson @ 2016-08-18 18:37 UTC (permalink / raw)
To: Linux NFS Mailing list
In domain_from_dns(), when at the hostname is a FQHN
query the DNS server for the _nfsv4idmapdomain TXT
record. If the record exists, use that as the
NFSv4 domain.
Note, this query will only happen if the domain name
is not set in the /etc/idmapd.conf
Signed-off-by: Steve Dickson <steved@redhat.com>
---
libnfsidmap.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 103 insertions(+), 1 deletion(-)
diff --git a/libnfsidmap.c b/libnfsidmap.c
index 2db4d13..7b8c0ed 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -53,6 +53,10 @@
#include <stdarg.h>
#include <dlfcn.h>
#include <ctype.h>
+#include <resolv.h>
+#include <arpa/nameser.h>
+#include <arpa/nameser_compat.h>
+
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
#include "cfg.h"
@@ -79,6 +83,11 @@ gid_t nobody_gid = (gid_t)-1;
#define IDMAPD_DEFAULT_DOMAIN "localdomain"
#endif
+#ifndef NFS4DNSTXTREC
+#define NFS4DNSTXTREC "_nfsv4idmapdomain"
+#endif
+
+
/* Default logging fuction */
static void default_logger(const char *fmt, ...)
{
@@ -114,6 +123,93 @@ static int id_as_chars(char *name, uid_t *id)
return 1;
}
+static int dns_txt_query(char *domain, char **nfs4domain)
+{
+ char *txtname = NFS4DNSTXTREC;
+ char *msg, *answ, *eom, *mptr;
+ int len, status = -1;
+ HEADER *hdr;
+
+ msg = calloc(1, NS_MAXMSG);
+ if (msg == NULL)
+ return -1;
+
+ answ = calloc(1, NS_MAXMSG);
+ if (answ == NULL) {
+ free(msg);
+ return -1;
+ }
+
+ if (res_init() < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: res_init() failed for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+ len = res_querydomain(txtname, domain, C_IN, T_TXT, msg, NS_MAXMSG);
+ if (len < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: res_querydomain() failed for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+ hdr = (HEADER *)msg;
+
+ /* See if there is an answer */
+ if (ntohs(hdr->ancount) < 1) {
+ IDMAP_LOG(2, ("libnfsidmap: No TXT record for %s.%s\n",
+ txtname, domain));
+ goto freemem;
+ }
+ /* find the EndOfMessage */
+ eom = msg + len;
+
+ /* skip header */
+ mptr = &msg[HFIXEDSZ];
+
+ /* skip name field in question section */
+ mptr += dn_skipname(mptr, eom) + QFIXEDSZ;
+
+ /* read in the question */
+ len = dn_expand(msg, eom, mptr, answ, NS_MAXDNAME);
+ if (len < 0) { /* does this really matter?? */
+ IDMAP_LOG(2, ("libnfsidmap: No question section for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+
+ /*
+ * Now, dissect the answer section, Note: if there
+ * are more than one answer only the first
+ * one will be used.
+ */
+
+ /* skip passed the name field */
+ mptr += dn_skipname(mptr, eom);
+ /* skip pass the type class and ttl fields */
+ mptr += 2 + 2 + 4;
+
+ /* make sure there is some data */
+ GETSHORT(len, mptr);
+ if (len < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: No data in answer for %s.%s\n",
+ txtname, domain));
+ goto freemem;
+ }
+ /* get the lenght field */
+ len = (int)*mptr++;
+ /* copy the data */
+ memcpy(answ, mptr, len);
+ answ[len] = '\0';
+
+ *nfs4domain = strdup(answ);
+ status = 0;
+
+freemem:
+ free(msg);
+ free(answ);
+
+ return (status);
+}
+
static int domain_from_dns(char **domain)
{
struct hostent *he;
@@ -125,7 +221,13 @@ static int domain_from_dns(char **domain)
return -1;
if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
return -1;
- *domain = strdup(c);
+ /*
+ * Query DNS to see if the _nfsv4idmapdomain TXT record exists
+ * If so use it...
+ */
+ if (dns_txt_query(c, domain) < 0)
+ *domain = strdup(c);
+
return 0;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed
2016-08-18 18:37 [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Steve Dickson
@ 2016-08-18 18:37 ` Steve Dickson
2016-08-20 14:55 ` Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages Steve Dickson
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Steve Dickson @ 2016-08-18 18:37 UTC (permalink / raw)
To: Linux NFS Mailing list
Signed-off-by: Steve Dickson <steved@redhat.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index 5944166..52e12c8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,6 +13,7 @@ LT_INIT
AC_PROG_CC
# Checks for libraries.
+AC_CHECK_LIB([resolv], [res_querydomain])
AC_ARG_ENABLE([ldap],
[AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])])
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages
2016-08-18 18:37 [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed Steve Dickson
@ 2016-08-18 18:37 ` Steve Dickson
2016-08-20 14:55 ` Steve Dickson
2016-08-19 20:56 ` [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Chuck Lever
2016-08-20 14:54 ` Steve Dickson
3 siblings, 1 reply; 7+ messages in thread
From: Steve Dickson @ 2016-08-18 18:37 UTC (permalink / raw)
To: Linux NFS Mailing list
Describe how the NFSv4 domain name can be
now be found using the _nfsv4idmapdomain DNS
TXT record
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/idmapd/idmapd.man | 23 +++++++++++++++++++++++
utils/nfsidmap/nfsidmap.man | 9 +++++++++
2 files changed, 32 insertions(+)
diff --git a/utils/idmapd/idmapd.man b/utils/idmapd/idmapd.man
index b9200c7..d4ab894 100644
--- a/utils/idmapd/idmapd.man
+++ b/utils/idmapd/idmapd.man
@@ -23,6 +23,29 @@ is the NFSv4 ID <-> name mapping daemon. It provides functionality to
the NFSv4 kernel client and server, to which it communicates via
upcalls, by translating user and group IDs to names, and vice versa.
.Pp
+The system derives the
+.I user
+part of the string by performing a password or group lookup.
+The lookup mechanism is configured in
+.Pa /etc/idmapd.conf
+.Pp
+By default, the
+.I domain
+part of the string is the system's DNS domain name.
+It can also be specified in
+.Pa /etc/idmapd.conf
+if the system is multi-homed,
+or if the system's DNS domain name does
+not match the name of the system's Kerberos realm.
+.Pp
+When the domain is not specified in /etc/idmapd.conf
+the local DNS server will be queried for the
+.Sy _nfsv4idmapdomain
+text record. If the record exists
+that will be used as the domain. When the record
+does not exist, the domain part of the DNS domain
+will used.
+.Pp
Note that on more recent kernels only the NFSv4 server uses
.Nm .
The NFSv4 client instead uses
diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
index 2f17cf2..2af16f3 100644
--- a/utils/nfsidmap/nfsidmap.man
+++ b/utils/nfsidmap/nfsidmap.man
@@ -39,6 +39,15 @@ if the system is multi-homed,
or if the system's DNS domain name does
not match the name of the system's Kerberos realm.
.PP
+When the domain is not specified in
+.I /etc/idmapd.conf
+the local DNS server will be queried for the
+.I _nfsv4idmapdomain
+text record. If the record exists
+that will be used as the domain. When the record
+does not exist, the domain part of the DNS domain
+will used.
+.PP
The
.I /usr/sbin/nfsidmap
program performs translations on behalf of the kernel.
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain
2016-08-18 18:37 [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages Steve Dickson
@ 2016-08-19 20:56 ` Chuck Lever
2016-08-20 14:54 ` Steve Dickson
3 siblings, 0 replies; 7+ messages in thread
From: Chuck Lever @ 2016-08-19 20:56 UTC (permalink / raw)
To: Steve Dickson; +Cc: Linux NFS Mailing List
> On Aug 18, 2016, at 2:37 PM, Steve Dickson <SteveD@redhat.com> wrote:
>
> In domain_from_dns(), when at the hostname is a FQHN
> query the DNS server for the _nfsv4idmapdomain TXT
> record. If the record exists, use that as the
> NFSv4 domain.
>
> Note, this query will only happen if the domain name
> is not set in the /etc/idmapd.conf
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
All three:
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> libnfsidmap.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 103 insertions(+), 1 deletion(-)
>
> diff --git a/libnfsidmap.c b/libnfsidmap.c
> index 2db4d13..7b8c0ed 100644
> --- a/libnfsidmap.c
> +++ b/libnfsidmap.c
> @@ -53,6 +53,10 @@
> #include <stdarg.h>
> #include <dlfcn.h>
> #include <ctype.h>
> +#include <resolv.h>
> +#include <arpa/nameser.h>
> +#include <arpa/nameser_compat.h>
> +
> #include "nfsidmap.h"
> #include "nfsidmap_internal.h"
> #include "cfg.h"
> @@ -79,6 +83,11 @@ gid_t nobody_gid = (gid_t)-1;
> #define IDMAPD_DEFAULT_DOMAIN "localdomain"
> #endif
>
> +#ifndef NFS4DNSTXTREC
> +#define NFS4DNSTXTREC "_nfsv4idmapdomain"
> +#endif
> +
> +
> /* Default logging fuction */
> static void default_logger(const char *fmt, ...)
> {
> @@ -114,6 +123,93 @@ static int id_as_chars(char *name, uid_t *id)
> return 1;
> }
>
> +static int dns_txt_query(char *domain, char **nfs4domain)
> +{
> + char *txtname = NFS4DNSTXTREC;
> + char *msg, *answ, *eom, *mptr;
> + int len, status = -1;
> + HEADER *hdr;
> +
> + msg = calloc(1, NS_MAXMSG);
> + if (msg == NULL)
> + return -1;
> +
> + answ = calloc(1, NS_MAXMSG);
> + if (answ == NULL) {
> + free(msg);
> + return -1;
> + }
> +
> + if (res_init() < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: res_init() failed for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> + len = res_querydomain(txtname, domain, C_IN, T_TXT, msg, NS_MAXMSG);
> + if (len < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: res_querydomain() failed for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> + hdr = (HEADER *)msg;
> +
> + /* See if there is an answer */
> + if (ntohs(hdr->ancount) < 1) {
> + IDMAP_LOG(2, ("libnfsidmap: No TXT record for %s.%s\n",
> + txtname, domain));
> + goto freemem;
> + }
> + /* find the EndOfMessage */
> + eom = msg + len;
> +
> + /* skip header */
> + mptr = &msg[HFIXEDSZ];
> +
> + /* skip name field in question section */
> + mptr += dn_skipname(mptr, eom) + QFIXEDSZ;
> +
> + /* read in the question */
> + len = dn_expand(msg, eom, mptr, answ, NS_MAXDNAME);
> + if (len < 0) { /* does this really matter?? */
> + IDMAP_LOG(2, ("libnfsidmap: No question section for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> +
> + /*
> + * Now, dissect the answer section, Note: if there
> + * are more than one answer only the first
> + * one will be used.
> + */
> +
> + /* skip passed the name field */
> + mptr += dn_skipname(mptr, eom);
> + /* skip pass the type class and ttl fields */
> + mptr += 2 + 2 + 4;
> +
> + /* make sure there is some data */
> + GETSHORT(len, mptr);
> + if (len < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: No data in answer for %s.%s\n",
> + txtname, domain));
> + goto freemem;
> + }
> + /* get the lenght field */
> + len = (int)*mptr++;
> + /* copy the data */
> + memcpy(answ, mptr, len);
> + answ[len] = '\0';
> +
> + *nfs4domain = strdup(answ);
> + status = 0;
> +
> +freemem:
> + free(msg);
> + free(answ);
> +
> + return (status);
> +}
> +
> static int domain_from_dns(char **domain)
> {
> struct hostent *he;
> @@ -125,7 +221,13 @@ static int domain_from_dns(char **domain)
> return -1;
> if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
> return -1;
> - *domain = strdup(c);
> + /*
> + * Query DNS to see if the _nfsv4idmapdomain TXT record exists
> + * If so use it...
> + */
> + if (dns_txt_query(c, domain) < 0)
> + *domain = strdup(c);
> +
> return 0;
> }
>
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Chuck Lever
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain
2016-08-18 18:37 [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Steve Dickson
` (2 preceding siblings ...)
2016-08-19 20:56 ` [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Chuck Lever
@ 2016-08-20 14:54 ` Steve Dickson
3 siblings, 0 replies; 7+ messages in thread
From: Steve Dickson @ 2016-08-20 14:54 UTC (permalink / raw)
To: Linux NFS Mailing list
On 08/18/2016 02:37 PM, Steve Dickson wrote:
> In domain_from_dns(), when at the hostname is a FQHN
> query the DNS server for the _nfsv4idmapdomain TXT
> record. If the record exists, use that as the
> NFSv4 domain.
>
> Note, this query will only happen if the domain name
> is not set in the /etc/idmapd.conf
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
Committed...
steved.
> ---
> libnfsidmap.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 103 insertions(+), 1 deletion(-)
>
> diff --git a/libnfsidmap.c b/libnfsidmap.c
> index 2db4d13..7b8c0ed 100644
> --- a/libnfsidmap.c
> +++ b/libnfsidmap.c
> @@ -53,6 +53,10 @@
> #include <stdarg.h>
> #include <dlfcn.h>
> #include <ctype.h>
> +#include <resolv.h>
> +#include <arpa/nameser.h>
> +#include <arpa/nameser_compat.h>
> +
> #include "nfsidmap.h"
> #include "nfsidmap_internal.h"
> #include "cfg.h"
> @@ -79,6 +83,11 @@ gid_t nobody_gid = (gid_t)-1;
> #define IDMAPD_DEFAULT_DOMAIN "localdomain"
> #endif
>
> +#ifndef NFS4DNSTXTREC
> +#define NFS4DNSTXTREC "_nfsv4idmapdomain"
> +#endif
> +
> +
> /* Default logging fuction */
> static void default_logger(const char *fmt, ...)
> {
> @@ -114,6 +123,93 @@ static int id_as_chars(char *name, uid_t *id)
> return 1;
> }
>
> +static int dns_txt_query(char *domain, char **nfs4domain)
> +{
> + char *txtname = NFS4DNSTXTREC;
> + char *msg, *answ, *eom, *mptr;
> + int len, status = -1;
> + HEADER *hdr;
> +
> + msg = calloc(1, NS_MAXMSG);
> + if (msg == NULL)
> + return -1;
> +
> + answ = calloc(1, NS_MAXMSG);
> + if (answ == NULL) {
> + free(msg);
> + return -1;
> + }
> +
> + if (res_init() < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: res_init() failed for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> + len = res_querydomain(txtname, domain, C_IN, T_TXT, msg, NS_MAXMSG);
> + if (len < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: res_querydomain() failed for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> + hdr = (HEADER *)msg;
> +
> + /* See if there is an answer */
> + if (ntohs(hdr->ancount) < 1) {
> + IDMAP_LOG(2, ("libnfsidmap: No TXT record for %s.%s\n",
> + txtname, domain));
> + goto freemem;
> + }
> + /* find the EndOfMessage */
> + eom = msg + len;
> +
> + /* skip header */
> + mptr = &msg[HFIXEDSZ];
> +
> + /* skip name field in question section */
> + mptr += dn_skipname(mptr, eom) + QFIXEDSZ;
> +
> + /* read in the question */
> + len = dn_expand(msg, eom, mptr, answ, NS_MAXDNAME);
> + if (len < 0) { /* does this really matter?? */
> + IDMAP_LOG(2, ("libnfsidmap: No question section for %s.%s: %s\n",
> + txtname, domain, hstrerror(h_errno)));
> + goto freemem;
> + }
> +
> + /*
> + * Now, dissect the answer section, Note: if there
> + * are more than one answer only the first
> + * one will be used.
> + */
> +
> + /* skip passed the name field */
> + mptr += dn_skipname(mptr, eom);
> + /* skip pass the type class and ttl fields */
> + mptr += 2 + 2 + 4;
> +
> + /* make sure there is some data */
> + GETSHORT(len, mptr);
> + if (len < 0) {
> + IDMAP_LOG(2, ("libnfsidmap: No data in answer for %s.%s\n",
> + txtname, domain));
> + goto freemem;
> + }
> + /* get the lenght field */
> + len = (int)*mptr++;
> + /* copy the data */
> + memcpy(answ, mptr, len);
> + answ[len] = '\0';
> +
> + *nfs4domain = strdup(answ);
> + status = 0;
> +
> +freemem:
> + free(msg);
> + free(answ);
> +
> + return (status);
> +}
> +
> static int domain_from_dns(char **domain)
> {
> struct hostent *he;
> @@ -125,7 +221,13 @@ static int domain_from_dns(char **domain)
> return -1;
> if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
> return -1;
> - *domain = strdup(c);
> + /*
> + * Query DNS to see if the _nfsv4idmapdomain TXT record exists
> + * If so use it...
> + */
> + if (dns_txt_query(c, domain) < 0)
> + *domain = strdup(c);
> +
> return 0;
> }
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed
2016-08-18 18:37 ` [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed Steve Dickson
@ 2016-08-20 14:55 ` Steve Dickson
0 siblings, 0 replies; 7+ messages in thread
From: Steve Dickson @ 2016-08-20 14:55 UTC (permalink / raw)
To: Linux NFS Mailing list
On 08/18/2016 02:37 PM, Steve Dickson wrote:
> Signed-off-by: Steve Dickson <steved@redhat.com>
Committed...
steved.
> ---
> configure.ac | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/configure.ac b/configure.ac
> index 5944166..52e12c8 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,6 +13,7 @@ LT_INIT
> AC_PROG_CC
>
> # Checks for libraries.
> +AC_CHECK_LIB([resolv], [res_querydomain])
>
> AC_ARG_ENABLE([ldap],
> [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])])
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages
2016-08-18 18:37 ` [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages Steve Dickson
@ 2016-08-20 14:55 ` Steve Dickson
0 siblings, 0 replies; 7+ messages in thread
From: Steve Dickson @ 2016-08-20 14:55 UTC (permalink / raw)
To: Linux NFS Mailing list
On 08/18/2016 02:37 PM, Steve Dickson wrote:
> Describe how the NFSv4 domain name can be
> now be found using the _nfsv4idmapdomain DNS
> TXT record
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
Committed...
steved.
> ---
> utils/idmapd/idmapd.man | 23 +++++++++++++++++++++++
> utils/nfsidmap/nfsidmap.man | 9 +++++++++
> 2 files changed, 32 insertions(+)
>
> diff --git a/utils/idmapd/idmapd.man b/utils/idmapd/idmapd.man
> index b9200c7..d4ab894 100644
> --- a/utils/idmapd/idmapd.man
> +++ b/utils/idmapd/idmapd.man
> @@ -23,6 +23,29 @@ is the NFSv4 ID <-> name mapping daemon. It provides functionality to
> the NFSv4 kernel client and server, to which it communicates via
> upcalls, by translating user and group IDs to names, and vice versa.
> .Pp
> +The system derives the
> +.I user
> +part of the string by performing a password or group lookup.
> +The lookup mechanism is configured in
> +.Pa /etc/idmapd.conf
> +.Pp
> +By default, the
> +.I domain
> +part of the string is the system's DNS domain name.
> +It can also be specified in
> +.Pa /etc/idmapd.conf
> +if the system is multi-homed,
> +or if the system's DNS domain name does
> +not match the name of the system's Kerberos realm.
> +.Pp
> +When the domain is not specified in /etc/idmapd.conf
> +the local DNS server will be queried for the
> +.Sy _nfsv4idmapdomain
> +text record. If the record exists
> +that will be used as the domain. When the record
> +does not exist, the domain part of the DNS domain
> +will used.
> +.Pp
> Note that on more recent kernels only the NFSv4 server uses
> .Nm .
> The NFSv4 client instead uses
> diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man
> index 2f17cf2..2af16f3 100644
> --- a/utils/nfsidmap/nfsidmap.man
> +++ b/utils/nfsidmap/nfsidmap.man
> @@ -39,6 +39,15 @@ if the system is multi-homed,
> or if the system's DNS domain name does
> not match the name of the system's Kerberos realm.
> .PP
> +When the domain is not specified in
> +.I /etc/idmapd.conf
> +the local DNS server will be queried for the
> +.I _nfsv4idmapdomain
> +text record. If the record exists
> +that will be used as the domain. When the record
> +does not exist, the domain part of the DNS domain
> +will used.
> +.PP
> The
> .I /usr/sbin/nfsidmap
> program performs translations on behalf of the kernel.
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-08-20 14:55 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-18 18:37 [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 2/3] configure.ac: Ensure the resolver library is installed Steve Dickson
2016-08-20 14:55 ` Steve Dickson
2016-08-18 18:37 ` [RFC PATCH 3/3] nfs-utils: Update rpc.idmap and nfsidmap man pages Steve Dickson
2016-08-20 14:55 ` Steve Dickson
2016-08-19 20:56 ` [RFC PATCH 1/3] libnfsidmap: Query DNS for the the NFSv4 domain Chuck Lever
2016-08-20 14:54 ` Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).