Security Negotiation for WebNFS
RFC 2755
Document | Type |
RFC - Informational
(January 2000; No errata)
Was draft-chiu-network-wnfs-sec-nego (individual)
|
|
---|---|---|---|
Authors | Alex Chiu , Brent Callaghan , Mike Eisler | ||
Last updated | 2013-03-02 | ||
Stream | Legacy | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | Legacy state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 2755 (Informational) | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group A. Chiu Request for Comments: 2755 M. Eisler Category: Informational B. Callaghan Sun Microsystems January 2000 Security Negotiation for WebNFS Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract This document describes a protocol for a WebNFS client [RFC2054] to negotiate the desired security mechanism with a WebNFS server [RFC2055] before the WebNFS client falls back to the MOUNT v3 protocol [RFC1813]. This document is provided so that people can write compatible implementations. Table of Contents 1. Introduction .............................................. 2 2. Security Negotiation Multi-component LOOKUP ............... 3 3 Overloaded Filehandle ..................................... 4 3.1 Overloaded NFS Version 2 Filehandle ..................... 5 3.2 Overloaded NFS Version 3 Filehandle ..................... 6 4. WebNFS Security Negotiation ............................... 6 5. Security Considerations ................................... 10 6. References ................................................ 10 7. Acknowledgements .......................................... 10 8. Authors' Addresses ........................................ 11 9. Full Copyright Statement .................................. 12 Chiu, et al. Informational [Page 1] RFC 2755 Security Negotiation for WebNFS January 2000 1. Introduction The MOUNT protocol is used by an NFS client to obtain the necessary filehandle for data access. MOUNT versions 1 and 2 [RFC1094] return NFS version 2 filehandles, whereas MOUNT version 3 [RFC1813] returns NFS version 3 filehandles. Among the existing versions of the MOUNT protocol, only the MOUNT v3 provides an RPC procedure (MOUNTPROC3_MNT) which facilitates security negotiation between an NFS v3 client and an NSF v3 server. When this RPC procedure succeeds (MNT3_OK) the server returns to the client an array of security mechanisms it supports for the specified pathname, in addition to an NFS v3 filehandle. A security mechanism referred to in this document is a generalized security flavor which can be an RPC authentication flavor [RFC1831] or a security flavor referred to in the RPCSEC_GSS protocol [RFC2203]. A security mechanism is represented as a four-octet integer. No RPC procedures are available for security negotiation in versions 1 or 2 of the MOUNT protocol. The NFS mount command provides a "sec=" option for an NFS client to specify the desired security mechanism to use for NFS transactions. If this mount option is not specified, the default action is to use the default security mechanism over NFS v2 mounts, or to negotiate a security mechanism via the MOUNTPROC3_MNT procedure of MOUNT v3 and use it over NFS v3 mounts. In the latter, the client picks the first security mechanism in the array returned from the server that is also supported on the client. As specified in RFC 2054, a WebNFS client first assumes that the server supports WebNFS and uses the publsc filehandle as the initial filehandle for data access, eliminating the need for the MOUNT protocol. The WebNFS client falls back to MOUNT if the server does not support WebNFS. Since a WebNFS client does not use MOUNT initially, the MOUNTPROC3_MNT procedure of MOUNT v3 is not available for security negotiation until the WebNFS client falls back to MOUNT. A viable protocol needs to be devised for the WebNFS client to negotiate security mechanisms with the server in the absence of the MOUNTPROC3_MNT procedure. Chiu, et al. Informational [Page 2] RFC 2755 Security Negotiation for WebNFS January 2000 The WebNFS security negotiation protocol must meet the following requirements: - Must work seamlessly with NFS v2 and v3, and the WebNFS protocols - Must be backward compatible with servers that do not support this negotiation - Minimum number of network turnarounds (latency) This document describes the WebNFS security negotiation protocol developed by Sun Microsystems, Inc. Terminology and definitions from RFCs 2054 and 2055 are used in this document. The reader is expected to be familiar with them. 2. Security Negotiation Multi-component LOOKUP The goal of the WebNFS security negotiation is to allow a WebNFSShow full document text