> Glenn Machin wrote:
> > The default NFS domain for our servers is sandia.nfs.domain with a kerberos realm of sandia.gov. However we have users whose kerberos principals will be in a different realm, and we would like to map them to the NFS domain associated with their kerberos realm.
> >
> > Is there any way to do this on Solaris? It appears that all users will be in a single NFS domain.
>
> Do you really mean NFSMAPID_DOMAIN is set to sandia.nfs.domain rather than matching the DNS domain? Or do you mean the NIS domain is sandia.nfs.domain?
>
> If so why did you set the NFS domain to be something that doesn't match the default DNS domain?

I used representative names for the NFS domain and Kerberos realm. The reason being that neither one necessarily has to match up with the DNS domain. What I want to do is map Kerberos principal to account and account to NFS4 domain. With Linux (reference model at CITI) there is the idmapd which can use LDAP and 2 attributes: GSSauthname to map Kerberos principal to account, and NFSv4name, which maps account to NFS domain name.

> Are you using Kerberos for NFS authentication?

Yes

> See nfsmapid(1M).

I did but it appeared to map all accounts to a single NFS4 domain. I could not say gmachin is NFS4domain-name: [EMAIL PROTECTED] and jsmith is NFS4domain-name: [EMAIL PROTECTED]

> I seem to remember there being an API (maybe not publicly documented) for building custom mapping daemons. The best place to find out more about this would be in the NFS community of OpenSolaris.

Thanks. I posted this message there as well. I'm a newbie to this list and did not see the nfs discussion list until after I posted this.
