Ok, this is a bit complicated, but I’ll try to explain:

We have two domains - let’s call them A and B. Some people have users on both 
domains. The usernames, uid and gid are totally different across domains.

There’s a desire to allow the users on domain B to mount shares from domain A. 

Reading SSSD’s documentation, it seems trivial that one machine can be 
configured for two domains. 

But suppose my user is francaug@domainB on the B domain, and francis@domainA. 
Let’s say I want to mount my_dir, exported with nfs4 from domain A. I could 
most likely get Kerberos tickets, use NFS4 to mount it on domainB. 

Will I, as francaug@domainB, be able to actually use (read, write, delete) 
these files, since our posix attributes are completely different? Any other way 
to solve it here, such as by using NFSv4 ACL attributes?

Or is there any alternative, such as using regex rules so that users are 
matched? Or translating/mapping uids and gids? 

Right now I don’t know exactly what to focus on - the only vague requirement 
for this task is that a person who has a user on domain B and is logged in to a 
domainB-bound machine should be able to mount a share from domain A. I have the 
feeling that mount is trivial, but access is going to bite…

Any tips?

Best,
Francis 