Host based authentication
Ian Grant
Ian.Grant at cl.cam.ac.uk
Wed Apr 18 15:37:59 EDT 2007
On Wed, 2007-04-18 at 09:56 -0400, Kevin Coffman wrote:
> On 4/18/07, Ian Grant <Ian.Grant at cl.cam.ac.uk> wrote:
> > I just want to confirm that I understand correctly: there is no
> > host-based authentication possible using the NFSV4 machine credentials.
> > That would contradict the security model of user-based authentication.
>
> Since you mentioned machine credentials, I'm assuming we are talking
> about Kerberos mounts.
>
> If you have name/ID mapping like our ldap scheme, then the machine
> credential can be mapped to a given user. Is that what you are
> getting at? If not, can you explain?
Yes, I mean kerberos mounts, and no, I don't mean mapping the machine
credentials to one particular user. Rather that the server somehow lets
the host with machine credentials access files in the way auth-sys
would. I knew I would look stupid, but I just had to ask. Sorry :-)
More information about the NFSv4
mailing list