Krb5 auth and supplemental groups
Steve Gaarder
gaarder at math.cornell.edu
Tue Sep 5 09:14:00 EDT 2006
On Fri, 1 Sep 2006, J. Bruce Fields wrote:
> On Fri, Sep 01, 2006 at 04:52:08PM -0400, Steve Gaarder wrote:
>> I've got a client that mounts a filesystem with sec=krb5. Things work
>> fine except for group permissions. Users' supplemental groups are
>> ignored; only the primary group seems to be recognized. This is under Red
>> Hat Enterprise 4. Any ideas?
>
> With sec=krb5, the supplemental groups are determined entirely by the
> server. So I assume the list of groups should be essentially what you'd
> see if you logged into the server and ran "id username".
Yes, that's also my understanding. Logging in and running "id" on the
server shows the groups I expect to see, but I get "permission denied" on
the client when I try to write to a directory that is writable by one of
those groups. Any further thoughts?
thanks,
Steve Gaarder
More information about the NFSv4
mailing list