- AUTH_SYS provides a UID, GID, and a list of up to 16 supplemental groups to an NFS server.
- By default, these IDs are not validated and are trusted as legitimate.
- To allow for NFS users to belong to more than 16 groups, the option to enable support for Extended Groups introduces ID validation via an appropriate Name Service.
- The validation does the following:
- Obtain UID from NFS call
- Preserve gid for SetGID compatibility
- Query Name Services, such as LDAP, NIS, or the local SVM files regarding the UID and group-membership (this is determined by the ns-switch configuration)
- If the user has group association local to NFS client, not in name-services, ONTAP cannot grant access based on these unless the user and group are appropriately defined locally on the SVM