On 05/09/2012 06:18 PM, Steven Jones wrote:
Hi,
Thanks so I will remove the sec=sys bit and re-test..and then I
assume it will be kerberos only.....
This is not true, it's documented in the exports man page how you can
assign different permissions depending on the security type. For example:
/nfsroot/stuff
*(crossmnt,no_subtree_check,async,sec=krb5p,rw,root_squash,sec=sys,ro,all_squash)
This makes it so users with valid kerberos creds have rw access (though
root is squashed). W/o a kerberos ticket, a user can still read stuff,
but all ownership information is squashed.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
