On Fri, Mar 02, 2007 at 11:36:25AM +0800, Raymond Xiong wrote:
> I think what Glenn wants to do is let a client in realm A and NFS
> mapid domain A access a server in realm B and NFS mapid domain B.
>
> Using gsscred or the krb5.conf auth_to_local parameter probably
> doesn't solve this problem because they only help with server side
> principal to unix account mapping. From my understanding, the issue
> is when server sends files back to client, client won't be able to
> get correct file owner and owner_group (the nobody issue) because
> client and server have different NFS mapid domains. This can't be
> resolved by a method like "mapping Kerberos principal name to NFS
> Domain" which Glenn is looking for, because Kerberos principal names
> are not used in owner and owner_group strings.
>
> I think currently NFS client and server have to be in the same NFS
> mapid domain to communicate properly. Maybe it would be useful if
> nfsmapid could support cross-domain mapping?
That is a very different issue.