On Tue, Sep 18, 2012 at 9:42 AM, Matt Garman <[email protected]> wrote:

> On Sat, Sep 15, 2012 at 8:12 PM, Frank Cusack <[email protected]> wrote:
> > man rpc.gssd.
>
> At least on my distro (CentOS 5), that man page is extremely terse.

At least it should tell you where to drop keytabs and how to name them so that the daemon can pick them up.

If the server is also RH then the stuff about idmap is a red herring. Linux treats all instances (/foo) as equivalent to the main principal for NFS purposes. So as long as your principal names match your usernames, and the server can look up username->uid, as would normally be the case, then you're good from that end.

> > Another option is to allow the servers to mount via sys permission. Your
> > NFS server may or may not allow this kind of configuration.
>
> What do you mean by sys permission? Do you mean the old, pre-NFSv4
> style of IP-only "authentication"?

Yes, formally called AUTH_SYS.

> That sounds like something I'd like. As I mentioned in my previous
> post, we want strict controls on mounting, and encrypted data streams.

I don't believe Linux NFS servers can do this (different auth types from different locations). I might be wrong, I'm not 100% up to date on Linux.

> It doesn't seem to be the case, at least not for me. CentOS 5 for
> client machines, and CentOS 6 for the server. Maybe this is my
> problem? Some subtle incompatibility between versions?

You're likely just not dropping the keytab into the right location and with the right naming convention.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
