authunix_create_default: tooo many

Guy Harris guy at bootme.auspex.com
Wed Jun 7 05:40:17 AEST 1989 

> 	This is a "problem" with NFS (actually, I think the problem is 
> actually due to a limitation in a table size in the RPC stuff somewhere, but
> I'm not positive).

You are correct.  The "UNIX" flavor of authentication in ONC RPC has, as
documented in older versions of the protocol spec, room for 10 groups. 
(No, not 8 - see below.)

> Basically, there's a table that holds a list of all of the groups you
> belong to.  Some far-sighted individual at Sun (I suspect) decided long
> ago that no one in their right minds would be in more than 8 groups,

At the time they did that, no one *could* be in more than 8 groups! 
This was before 4.3BSD came out; 4.2BSD allowed only 8 groups in a group
set.

Along came 4.3BSD, and the group size was bumped to 16, leaving RPC
somewhat up a creek.

> 	I'm told that more recent versions of NFS/RPC have this limitation
> removed from them, but I don't know this for certain, as I only belong to 7
> groups on our Suns :-).

The SunOS 4.0 version, and the ONC/NFS 4.0 version derived from it (the
ONC/NFS versions are the ones distributed as ONC/NFS source to
licensees) bumped it to 16, which, while it does break the protocol as
specified in some documents:

	1) should work if both sides are really talking the updated
	   protocol, supporting 16 groups;

	2) will probably work even if the server *isn't* talking the updated
	   protocol, *as long as the client side user's group set has 10
	   or fewer members* (otherwise, "xdr_array" will probably
	   complain bitterly that the array sent over the wire has too
	   many members - it's not clear how it could do better, since
	   the server may have to discard some of the groups; which ones
	   should it choose?).

I think the 10 is correct; the "Remote Procedure Calls: Protocol
Specification" document in the ONC/NFS 4.0 documentation indicates that
the group set has 10 members, not 8 members, and, as I remember, the
pre-4.0 code actually allowed for 10 members.

The ONC/RPC protocol has been published as an Internet RFC; the first
version, RFC1050, also specifies 10 members, but the second version,
RFC1057, specifies 16 members.  I assume this means the protocol is
officially considered to have been been "fixed" to handle 16-member
group sets.

More information about the Comp.sys.pyramid mailing list