NFS --manage-gids

[Josh Paetzel]

As anyone who is familiar with NFS is aware, auth_sys has a limit of membership in 16 aux groups.

In today's "everything is in AD universe" it's incredibly common for an account to be in more than 16 groups.

There are various solutions to this. Right now the only reasonable one on FreeBSD is to use Kerberos. auth_krb does not have the 16 group membership limit. Of course that solution is great if you already use Kerberos, but if you don't suggesting that as a solution does't always go over so well.

The Linux crowd extended their NFS server years ago with a --manage-gids option that lets it ignore the group member ship sent over the wire by the client and look up group membership locally.

Does anyone have any objections to that option getting ported to FreeBSD?

Thanks,

Josh Paetzel