Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!gorodish!guy
From: guy%gorodish@Sun.COM (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: NGROUP limit set at 8
Message-ID: <32169@sun.uucp>
Date: Wed, 28-Oct-87 02:23:28 EST
Article-I.D.: sun.32169
Posted: Wed Oct 28 02:23:28 1987
Date-Received: Sat, 31-Oct-87 00:58:43 EST
References: <9096@mimsy.UUCP> <7712@steinmetz.steinmetz.UUCP>
Sender: news@sun.uucp
Lines: 26
Keywords: NGROUP

> No.  NGROUP is used to size an array in the kernel ucred (user's
> credentials) structure when building a kernel.

Unfortunately, these credentials are used when the kernel makes an RPC call
(e.g., for an NFS operation), and are also used indirectly when user-mode code
makes RPC calls (the RPC code does a "getgroups" system call).  The number of
groups in UNIX-authentication credentials for Sun RPC is 8 (not 10, the RPC
Protocol Specification lies), so it can't handle more than 8 groups.  This
means that RPC calls using UNIX authentication (such as NFS calls) won't work
if you crank the number of groups above 8.

The authentication scheme described in a paper by Brad Taylor and Dave Goldberg
at the 1986 summer USENIX conference ("Secure Networking in the Sun
Environment") would solve this problem, because you don't pass UNIX user and
group IDs over the wire; you pass a name that gets translated to an appropriate
set of credentials as understood by the local OS (which need not be UNIX).

> Even binary distributions come with a configuration source file
> /usr/sys/conf/param.c, compiled when you build a kernel.

However, there are plenty of source files *not* supplied with a binary
distribution that make use of NGROUPS, and "/usr/sys/conf/param.c" doesn't make
use of it, so changing "NGROUPS" in "param.h" and rebuilding won't help.
	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	guy@sun.com