Nicolas Williams wrote: > On Mon, Aug 04, 2008 at 11:22:58AM -0500, Paul Fisher wrote: > >> Actually no, only one nfs domain called "localnet" which is set on both >> the client and the server. What is different is that the client and >> server have a different idea of the actual uid/gid values that are used >> for the names (all in the local /etc files on each system). >> > > Provided you're using NFSv4 and you're NOT using AUTH_SYS, then this > will work. > > >> If NFSv4 idmap'ing uses names, but the uid/gid values on both sides need >> to match, what is the purpose of this translation layer? What am I >> missing here? >> > > AUTH_SYS -- don't use that. Use Kebreros (-o sec=krb5, krb5i or krb5p). >
Thanks, that sounds right. But this seems a bit unfortunate... Is using Kerberos the only alternative? This seems a little (hehe, read a *lot*) heavy handed for my purposes (xVM virtual machines on my laptop ;->). Frankly, I've never tried to configure Kerberos on either opensolaris or linux. -- paul
