[29136] in Kerberos
Re: help with kerberised NFS for a nis netgroup alternative
daemon@ATHENA.MIT.EDU (edward@murrell.co.nz)
Thu Jan 24 16:08:26 2008
Message-ID: <58496.202.27.218.180.1201206273.squirrel@zinc.murrell.co.nz>
In-Reply-To: <15039386.post@talk.nabble.com>
Date: Fri, 25 Jan 2008 09:24:33 +1300 (NZDT)
From: edward@murrell.co.nz
To: kerberos@mit.edu
MIME-Version: 1.0
X-SA-Exim-Mail-From: edward@murrell.co.nz
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
The 'proper' way to do this, would be to read the mount information out of
LDAP. LDAP can support additional nismaps and nss can be configured
(depending on your unix flavour) to get it's automount info from ldap.
> Hello,
>
> I'm working on an prototype to replace our NIS based auth' to kerberised
> services.
> I've menage to setup NFS4 with kerberos using gss/krb5 security in exports
> and all well.
>
> we have various host groups (using nis netgroups) that should connect to
> various exports,
> if we change them to gss/krb5 we loose the netgroup differentiation.
> I've though of using multiple realms (with a single KDC) and the various
> exports will be handled by the client machine's realms, if more then one
> "group" is needed we can inter-realm authenticate.
>
> has anyone heard of such kerberos "alternative" for netgroup NFS approach?
> is it feasible?
> how does kadmin handle multiple realm?
>
> any help would be most appreciate.
> --
> View this message in context:
> http://www.nabble.com/help-with-kerberised-NFS-for-a-nis-netgroup-alternative-tp15039386p15039386.html
> Sent from the Kerberos - General mailing list archive at Nabble.com.
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
