NFSv4 Introduction
From Linux NFS
(→Security : krb5 setup) |
|||
Line 1: | Line 1: | ||
= NFSv4 = | = NFSv4 = | ||
- | '''NFSv4''' is a new generation of network filesystems. It is designed to be run over internet, and | + | '''NFSv4''' is a new generation of network filesystems. It is designed to be run over internet, and it has these capabilities : |
* [[#Security|Strong security]] | * [[#Security|Strong security]] | ||
* [[#Network_optimisations|Network optimisations]] | * [[#Network_optimisations|Network optimisations]] | ||
Line 10: | Line 10: | ||
==Security == | ==Security == | ||
- | NFSv4 is can be | + | NFSv4 is can be secured via one of three types of security "flavors": |
*[[Enduser_doc_kerberos|Kerberos]] | *[[Enduser_doc_kerberos|Kerberos]] | ||
*SPKM | *SPKM | ||
*LIPKEY | *LIPKEY | ||
+ | |||
+ | For each flavor, there may be multiple implementations. For instance, with Kerberos there are both "MIT Kerberos", and "Heimdal Kerberos". | ||
=== Kerberos and NFSv4 === | === Kerberos and NFSv4 === | ||
Line 20: | Line 22: | ||
==Network optimisations== | ==Network optimisations== | ||
+ | |||
==Interoperability== | ==Interoperability== | ||
+ | |||
==IPv6 support for the client== | ==IPv6 support for the client== | ||
- | Here is a short description to explain how to have an IPv6 ready client for NFSv2,v3 and v4 | + | Here is a short description to explain how to have an IPv6 ready client for NFSv2,v3 and v4. |
- | + | For further information about the IPv6 support design, please look '''[http://nfsv4.bullopensource.org/doc/nfs_ipv6.php here]''' | |
+ | |||
<h4>TI-RPC library</h4> | <h4>TI-RPC library</h4> | ||
- | The ti-rpc library is designed to replace sunrpc library. It is necessary to do Remote Procedures Calls regardless the transport used. | + | The ti-rpc library is designed to replace sunrpc library. It is necessary to do Remote Procedures Calls regardless of the transport used. |
- | Download the tirpc tarball: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/libtirpc-0.1.7.tar.bz2 libtirpc-0.1.7.tar.bz2]''' | + | |
+ | Download the tirpc tarball: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/libtirpc-0.1.7.tar.bz2 libtirpc-0.1.7.tar.bz2]''' | ||
+ | |||
Build and install: | Build and install: | ||
- | + | ||
- | > ./configure | + | > ./configure |
- | > make | + | > make |
- | > make install | + | > make install |
- | + | ||
<h4>Kernel patches</h4> | <h4>Kernel patches</h4> | ||
Dowload the cumulative patch: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/linux-2.6.11-ALL.patch linux-2.6.11-ALL.patch]''' | Dowload the cumulative patch: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/linux-2.6.11-ALL.patch linux-2.6.11-ALL.patch]''' | ||
- | + | ||
- | + | In the kernel source directory: | |
- | > patch -p1 < linux-2.6.11-NFS-IPv6-client.patch | + | |
- | + | > patch -p1 < linux-2.6.11-NFS-IPv6-client.patch | |
<h4>User part patches</h4> | <h4>User part patches</h4> | ||
Download nfs-utils tarball with IPv6 support included: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/util-linux-2.12-IPv6.tar.bz2 util-linux-2.12-3-IPv6.tar.bz2]''' | Download nfs-utils tarball with IPv6 support included: '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/util-linux-2.12-IPv6.tar.bz2 util-linux-2.12-3-IPv6.tar.bz2]''' | ||
<br>or | <br>or | ||
- | + | ||
- | + | Download the util-linux-2.12 tarball: '''[http://www.citi.umich.edu/projects/nfsv4/linux/util-linux-tarballs/util-linux-2.12.tar.gz util-linux-2.12.tar.gz]''' | |
- | + | ||
- | + | Download and apply the util-linux-2.12-CITI_NFS4_ALL-3 patchset '''[http://www.citi.umich.edu/projects/nfsv4/linux/util-linux-patches/2.12-3/util-linux-2.12-CITI_NFS4_ALL-3.dif util-linux-2.12-CITI_NFS4_ALL-3.dif]''' | |
- | > patch -p1 < util-linux-2.12-CITI_NFS4_ALL-3.dif | + | |
- | + | In util-linux-2.12 directory: | |
+ | |||
+ | > patch -p1 < util-linux-2.12-CITI_NFS4_ALL-3.dif | ||
+ | |||
Download and apply cumulative patch for util-linux-2.12 : '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/util-linux-2.12-IPv6.patch util-linux-2.12-IPv6.patch]''' | Download and apply cumulative patch for util-linux-2.12 : '''[http://nfsv4.bullopensource.org/patches/nfs-ipv6/util-linux-2.12-IPv6.patch util-linux-2.12-IPv6.patch]''' | ||
<br>In util-linux-2.12 directory: | <br>In util-linux-2.12 directory: | ||
- | + | ||
- | > patch -p1 < util-linux-2.12-IPv6.patch | + | > patch -p1 < util-linux-2.12-IPv6.patch |
- | + | ||
Build and install new nfs client commands: | Build and install new nfs client commands: | ||
- | + | ||
- | > make | + | > make |
- | > make install | + | > make install |
- | + | ||
<h4>Related links</h4> | <h4>Related links</h4> |
Revision as of 00:37, 3 June 2005
Contents |
NFSv4
NFSv4 is a new generation of network filesystems. It is designed to be run over internet, and it has these capabilities :
Features
Security
NFSv4 is can be secured via one of three types of security "flavors":
- Kerberos
- SPKM
- LIPKEY
For each flavor, there may be multiple implementations. For instance, with Kerberos there are both "MIT Kerberos", and "Heimdal Kerberos".
Kerberos and NFSv4
Setup instructions for kerberos/NFSv4 are here
Network optimisations
Interoperability
IPv6 support for the client
Here is a short description to explain how to have an IPv6 ready client for NFSv2,v3 and v4. For further information about the IPv6 support design, please look here
TI-RPC library
The ti-rpc library is designed to replace sunrpc library. It is necessary to do Remote Procedures Calls regardless of the transport used.
Download the tirpc tarball: libtirpc-0.1.7.tar.bz2
Build and install:
> ./configure > make > make install
Kernel patches
Dowload the cumulative patch: linux-2.6.11-ALL.patch
In the kernel source directory:
> patch -p1 < linux-2.6.11-NFS-IPv6-client.patch
User part patches
Download nfs-utils tarball with IPv6 support included: util-linux-2.12-3-IPv6.tar.bz2
or
Download the util-linux-2.12 tarball: util-linux-2.12.tar.gz
Download and apply the util-linux-2.12-CITI_NFS4_ALL-3 patchset util-linux-2.12-CITI_NFS4_ALL-3.dif
In util-linux-2.12 directory:
> patch -p1 < util-linux-2.12-CITI_NFS4_ALL-3.dif
Download and apply cumulative patch for util-linux-2.12 : util-linux-2.12-IPv6.patch
In util-linux-2.12 directory:
> patch -p1 < util-linux-2.12-IPv6.patch
Build and install new nfs client commands:
> make > make install
Related links
TI-RPC library and rpcbind support
IPv6 support in NFS (client and server general design)
Current status and download
Basic Socket Interface Extensions for IPv6 (RFC_3493)