draft-ietf-nfsv4-multi-domain-fs-reqs-06.txt   draft-ietf-nfsv4-multi-domain-fs-reqs-07.txt 
NFSv4 Working Group W. Adamson NFSv4 Working Group W. Adamson
Internet-Draft NetApp Internet-Draft NetApp
Intended status: Standards Track N. Williams Intended status: Standards Track N. Williams
Expires: April 3, 2016 Cryptonector Expires: November 7, 2016 Cryptonector
October 1, 2015 May 6, 2016
Multiple NFSv4 Domain Namespace Deployment Guidelines Multiple NFSv4 Domain Namespace Deployment Guidelines
draft-ietf-nfsv4-multi-domain-fs-reqs-06 draft-ietf-nfsv4-multi-domain-fs-reqs-07
Abstract Abstract
This document discusses issues relevant to the deployment of the This document discusses issues relevant to the deployment of the
NFSv4 protocols in situations allowing for the construction of an NFSv4 protocols in situations allowing for the construction of an
NFSv4 file namespace supporting the use of multiple NFSv4 domains and NFSv4 file namespace supporting the use of multiple NFSv4 domains and
utilizing multi-domain capable file systems. Also described are utilizing multi-domain capable file systems. Also described are
constraints on name resolution and security services appropriate to constraints on name resolution and security services appropriate to
the administration of such a system. Such a namespace is a suitable the administration of such a system. Such a namespace is a suitable
way to enable a Federated File System supporting the use of multiple way to enable a Federated File System supporting the use of multiple
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 3, 2016. This Internet-Draft will expire on November 7, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 10, line 6 skipping to change at page 10, line 6
NFSv4.1 clients and servers MUST implement RPCSEC_GSS. NFSv4.1 clients and servers MUST implement RPCSEC_GSS.
(This requirement to implement is not a requirement (This requirement to implement is not a requirement
to use.) Other flavors, such as AUTH_NONE, and AUTH_SYS, to use.) Other flavors, such as AUTH_NONE, and AUTH_SYS,
MAY be implemented as well. MAY be implemented as well.
The underlying RPCSEC_GSS security mechanism used in a multi-domain The underlying RPCSEC_GSS security mechanism used in a multi-domain
namespace is REQUIRED to employ a method of cross NFSv4 domain trust namespace is REQUIRED to employ a method of cross NFSv4 domain trust
so that a principal from a security service in one NFSv4 domain can so that a principal from a security service in one NFSv4 domain can
be authenticated in another NFSv4 domain that uses a security service be authenticated in another NFSv4 domain that uses a security service
with the same security mechanism. Kerberos is an example of such a with the same security mechanism. Kerberos is an example of such a
security services. security service.
The AUTH_NONE security flavor can be useful in a multi-domain The AUTH_NONE security flavor can be useful in a multi-domain
deployment to grant universal access to public data without any deployment to grant universal access to public data without any
credentials. credentials.
The AUTH_SYS security flavor uses a host-based authentication model The AUTH_SYS security flavor uses a host-based authentication model
where the weakly authenticated host (the NFSv4 client) asserts the where the weakly authenticated host (the NFSv4 client) asserts the
user's authorization identities using small integers, uidNumber, and user's authorization identities using small integers, uidNumber, and
gidNumber [RFC2307], as user and group identity representations. gidNumber [RFC2307], as user and group identity representations.
Because this authorization ID representation has no domain component, Because this authorization ID representation has no domain component,
 End of changes. 5 change blocks. 
6 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/