[29134] in Kerberos
help with kerberised NFS for a nis netgroup alternative
daemon@ATHENA.MIT.EDU (TheWizard)
Wed Jan 23 13:45:59 2008
Message-ID: <15039386.post@talk.nabble.com>
Date: Wed, 23 Jan 2008 03:12:10 -0800 (PST)
From: TheWizard <nitzanz@gmail.com>
To: kerberos@mit.edu
MIME-Version: 1.0
X-Nabble-From: nitzanz@gmail.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I'm working on an prototype to replace our NIS based auth' to kerberised
services.
I've menage to setup NFS4 with kerberos using gss/krb5 security in exports
and all well.
we have various host groups (using nis netgroups) that should connect to
various exports,
if we change them to gss/krb5 we loose the netgroup differentiation.
I've though of using multiple realms (with a single KDC) and the various
exports will be handled by the client machine's realms, if more then one
"group" is needed we can inter-realm authenticate.
has anyone heard of such kerberos "alternative" for netgroup NFS approach?
is it feasible?
how does kadmin handle multiple realm?
any help would be most appreciate.
--
View this message in context: http://www.nabble.com/help-with-kerberised-NFS-for-a-nis-netgroup-alternative-tp15039386p15039386.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
