AFS and kerberos
Tillman Hodgson
tillman at seekingfire.com
Tue Jul 31 01:04:10 EDT 2007
On Tue, Jul 31, 2007 at 01:54:58AM +0000, Faeandar wrote:
> The one is Solaris and Linux. Maybe Linux is 32, I don't know for
> sure.
> I hear that a system change on Solaris will allow for 32 but unless
> your NFS servers are Solaris you break NFS.
On FreeBSD you can adjust kern.ngroups (defaults to 16). Harti has
tested an increased number (64, I think) over a number of years and with
the exception of NFS everything worked fine.
> I'm looking into increasing file system security over NFS and was
> initially leaning towards kerb5 with LDAP to allow for a greater
> number of unix groups, and therefore greater access control (beyond 16
> groups) even if it is still ugo.
> But so far I'm doubtful that will work.
As I understand it, over NFS it won't work because of how RPC works. RFC
1057 defines the auth_unix struct as having unsigned int gids<16>.
-T
--
"I always considered csh as the root shell a bonus. It was incentive not
to use root during those lazy moments."
-- Anonymous Coward, undeadly.org
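
The limit mentioned in the message above, as an added example that is not part of the original post: a Python encoder and decoder for the RFC 1057 auth_unix credential body, which cannot carry more than 16 gids. The function names, the sample host name and ids, and the assumption that a client keeps only the first 16 groups are illustrative.

```python
import struct

MAX_GIDS = 16           # RFC 1057: unsigned int gids<16>
MAX_MACHINENAME = 255   # RFC 1057: string machinename<255>


def _pad(n):
    """Bytes of zero padding XDR adds to reach a 4-byte boundary."""
    return (4 - n % 4) % 4


def encode_auth_unix(stamp, machinename, uid, gid, gids):
    """XDR-encode an auth_unix body, refusing what the format cannot carry."""
    name = machinename.encode("ascii")
    if len(name) > MAX_MACHINENAME:
        raise ValueError("machinename longer than 255 bytes")
    if len(gids) > MAX_GIDS:
        raise ValueError(f"{len(gids)} gids do not fit in gids<{MAX_GIDS}>")
    out = struct.pack(">II", stamp, len(name)) + name + b"\x00" * _pad(len(name))
    out += struct.pack(">III", uid, gid, len(gids))
    return out + struct.pack(f">{len(gids)}I", *gids)


def decode_auth_unix(body):
    """Parse an auth_unix body with the bounds checks a receiver should apply."""
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > MAX_MACHINENAME:
        raise ValueError("machinename length out of bounds")
    off = 8
    name = body[off:off + nlen].decode("ascii")
    off += nlen + _pad(nlen)
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > MAX_GIDS or len(body) != off + 4 * count:
        raise ValueError("gids count exceeds 16 or does not match body length")
    gids = list(struct.unpack_from(f">{count}I", body, off))
    return {"stamp": stamp, "machinename": name, "uid": uid, "gid": gid, "gids": gids}


def split_for_wire(gids):
    """Assumption: a client keeps the first 16 gids; the rest never reach the server."""
    return gids[:MAX_GIDS], gids[MAX_GIDS:]


if __name__ == "__main__":
    # Constructed sample: a user who is a member of 20 groups (gids 2000-2019).
    sent, lost = split_for_wire(list(range(2000, 2020)))
    cred = decode_auth_unix(encode_auth_unix(0, "client1", 1000, 1000, sent))
    print("server sees:", cred["gids"])
    print("server never sees:", lost)
```

Any access decision the server makes from this credential can only consider the groups in the first list, regardless of how many the directory service assigns.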