Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!bootme.auspex.com!guy From: guy@bootme.auspex.com (Guy Harris) Newsgroups: comp.sys.pyramid Subject: Re: authunix_create_default: tooo many Message-ID: <8906061940.AA06539@bootme.auspex.com> Date: 6 Jun 89 19:40:17 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 49 > This is a "problem" with NFS (actually, I think the problem is > actually due to a limitation in a table size in the RPC stuff somewhere, but > I'm not positive). You are correct. The "UNIX" flavor of authentication in ONC RPC has, as documented in older versions of the protocol spec, room for 10 groups. (No, not 8 - see below.) > Basically, there's a table that holds a list of all of the groups you > belong to. Some far-sighted individual at Sun (I suspect) decided long > ago that no one in their right minds would be in more than 8 groups, At the time they did that, no one *could* be in more than 8 groups! This was before 4.3BSD came out; 4.2BSD allowed only 8 groups in a group set. Along came 4.3BSD, and the group size was bumped to 16, leaving RPC somewhat up a creek. > I'm told that more recent versions of NFS/RPC have this limitation > removed from them, but I don't know this for certain, as I only belong to 7 > groups on our Suns :-). The SunOS 4.0 version, and the ONC/NFS 4.0 version derived from it (the ONC/NFS versions are the ones distributed as ONC/NFS source to licensees) bumped it to 16, which, while it does break the protocol as specified in some documents: 1) should work if both sides are really talking the updated protocol, supporting 16 groups; 2) will probably work even if the server *isn't* talking the updated protocol, *as long as the client side user's group set has 10 or fewer members* (otherwise, "xdr_array" will probably complain bitterly that the array sent over the wire has too many members - it's not clear how it could do better, since the server may have to discard some of the groups; which ones should it choose?). I think the 10 is correct; the "Remote Procedure Calls: Protocol Specification" document in the ONC/NFS 4.0 documentation indicates that the group set has 10 members, not 8 members, and, as I remember, the pre-4.0 code actually allowed for 10 members. The ONC/RPC protocol has been published as an Internet RFC; the first version, RFC1050, also specifies 10 members, but the second version, RFC1057, specifies 16 members. I assume this means the protocol is officially considered to have been been "fixed" to handle 16-member group sets.