projects techreports press lab location staff
citi top.2 top.3
citi mid.3
bot.1 bot.2 bot.3
star

Projects: NFS Version 4 Linux features

NFSv4 Linux features

feature available in version projected in version
basic file operations 2.6.4
locking 2.6.4
krb5 2.6.4
krb5i 2.6.6
krb5p 2.6.18
server reboot recovery (client) 2.6.4
server reboot recovery (server) 2.6.10-CITI_NFS4_ALL-1 2.6.13
POSIX ACLs (client) 2.6.4-CITI-NFS4_ALL-1 2.6.13
POSIX ACLs (server) 2.6.9-rc1
Full NFSv4 ACLs (client) 2.6.7-CITI_NFS4_ALL-1 2.6.13
Full NFSv4 ACLs (server) ?
delegations (client) 2.6.9-rc1
delegations (server) 2.6.10
named attributes (client) ?
named attributes (server) ?
security negotiation ?
automounting on fsid change 2.6.11-CITI_NFS4_ALL-1 ?

Explanation of features:

basic file operations:
reading, writing, etc.
locking:
advisory byte-range locking using fcntl; in nfsv4 this is done by the nfsv4 protocol itself rather than a separate protocol.
krb5/krb5i/krb5p
Strong cryptographic security for NFSv2, v3, and v4, using Kerberos. There are three different (increasingly strong) levels of security:
krb5:
Authentication only: The header of each request and response is signed. You know who sent you this thing but you don't really know for sure what's in it.
krb5i:
Integrity: The header and body of each request and response is signed. So you know who sent this thing and what was in it.
krb5p:
Privacy: The header of each request is signed, and the body is encrypted, so you know everything you knew with krb5i, but everyone else knows less.
ACLs:
Linux supports ACLs based on the withdrawn POSIX ACL specification. NFSv4 provides much richer ACLs. On the client we allow the user to deal with either NFSv4 or POSIX ACLs, mapping between the two as necessary (and as possible). On the server we only allow a restricted set of NFSv4 ACLs that map to POSIX ACLs. Full server-side support for NFSv4 ACLs is also desireable, but presents some challenges; for example, it may not be possible to enforce NFSv4 ACLs when for local users on the server.
reboot recovery:
Client applications should be able to continue running after server reboots; system calls depending on rpc requests to the unresponsive server will hang, returning once the server comes back. Except for the delay, applications should see completely normal behavior.
delegations:
If only one client is accessing a file, then an NFSv4 server has the option of giving that client a delegation for the file, allowing the client to perform opens, closes, and locks locally. Should allow lower-latency opens, closes, and locks, and more aggressive client-side caching.
named attributes:
The NFSv4 protocol supports the association of files with arbitrary named attributes.
security negotiation:
Allow automatic negotiation of security flavor using SECINFO and the WRONGSEC error.
automounting on fsid change:
When the fsid changes (when we cross a mountpoint on the server), the client should automatically create a new mountpoint.
blank.space
b.star projects | techreports | press | lab | location | staff Email address
or call +1 734 763 2929
Copyright © 1996-2013
The Regents of the University of Michigan
bottom.line
citi