On the server side,
nfssvc() is called with the flag
NFSSVC_NFSD and a pointer to a
struct nfsd_srvargs {
struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
uid_t nsd_uid; /* Effective uid mapped to cred */
u_long nsd_haddr; /* Ip address of client */
struct ucred nsd_cr; /* Cred. uid maps to */
int nsd_authlen; /* Length of auth string (ret) */
char *nsd_authstr; /* Auth string (ret) */
};
to enter the kernel as an
nfsd(8) daemon. Whenever an
nfsd(8) daemon receives a Kerberos authentication ticket, it will return from
nfssvc() with errno set to
ENEEDAUTH. The
nfsd(8) will attempt to authenticate the ticket and generate a set of credentials on the server for the “user id” specified in the field nsd_uid. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via
getpwnam(3) and
getgrouplist(3). If successful, the
nfsd(8) will call
nfssvc() with the
NFSSVC_NFSD and
NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed,
nfsd(8) calls
nfssvc() with the flags
NFSSVC_NFSD and
NFSSVC_AUTHINFAIL to denote an authentication failure.
The master
nfsd(8) server daemon calls
nfssvc() with the flag
NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args {
int sock; /* Socket to serve */
caddr_t name; /* Client address for connection based sockets */
int namelen; /* Length of name */
};
to pass a server side NFS socket into the kernel for servicing by the
nfsd(8) daemons.