Issues in Deploying NFS Version 4

jimc, 2006-01-09 (update 2007-03-23)

A recurring request at UCLA-Mathnet is that we allow a user to mount his UNIX home directory on a rogue laptop, i.e. a machine not under our administrative control, either on our own net or from a remote site such as a visitor's institution or home. At present all our filesystems are exported via NFSv3, described below, which cannot handle such service. What alternative network filesystem could we use for this?

Overview of Network File Systems

NFSv2 is the traditional Network File System deployed in SunOS. Its major characteristics are:

The Andrew File System (AFS) from Carnegie-Mellon is a widely deployed alternative to NFS, and institutions who have deployed it like it very much. For example, both CMU and Stanford export all student home directories globally, specifically to the dormitories and all campus departmental nets, as well as off campus, with little hassle for the students and little or no exposure to hacking. UCLA-Mathnet considered deploying AFS, but there is a downside as well (follow the link for discussion), and we did not pursue this filesystem.

NFSv3 appeared with newer versions of Sun Solaris. It includes TCP transport, making it more responsive on a heavily loaded net, but it seems to have most or all of the disadvantages of NFSv2. Somewhere in the history, possibly with the advent of NFSv3, it became possible but optional to authenticate the client host using Kerberos, plugging that security hole.

NFSv4 is an evolutionary advance that keeps the same flavor as traditional NFS but which improves quite a number of aspects. Specifically:

Clearly we should make NFSv4 available to our users. In the rest of this document I will discuss issues in how to do that.

Links for NFSv4

What Would We Get from NFSv4?

Server Deployment

This all applies to SuSE 10.0, kernel 2.6.13, nfs-utils-1.0.7. Updated for SuSE 10.2, kernel 2.6.18, nfs-utils-1.0.10. Much of this info comes from http://wiki.linux-nfs.org.