help with kerberised NFS for a nis netgroup alternative

edward@murrell.co.nz edward at murrell.co.nz
Thu Jan 24 15:24:33 EST 2008


The 'proper' way to do this, would be to read the mount information out of
LDAP. LDAP can support additional nismaps and nss can be configured
(depending on your unix flavour) to get it's automount info from ldap.

> Hello,
>
> I'm working on an prototype to replace our NIS based auth' to kerberised
> services.
> I've menage to setup NFS4 with kerberos using gss/krb5 security in exports
> and all well.
>
> we have various host groups (using nis netgroups) that should connect to
> various exports,
> if we change them to gss/krb5 we loose the netgroup differentiation.
> I've though of using multiple realms (with a single KDC) and the various
> exports will be handled by the client machine's realms, if more then one
> "group" is needed we can inter-realm authenticate.
>
> has anyone heard of such kerberos "alternative" for netgroup NFS approach?
> is it feasible?
> how does kadmin handle multiple realm?
>
> any help would be most appreciate.
> --
> View this message in context:
> http://www.nabble.com/help-with-kerberised-NFS-for-a-nis-netgroup-alternative-tp15039386p15039386.html
> Sent from the Kerberos - General mailing list archive at Nabble.com.
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




More information about the Kerberos mailing list