Host based authentication
Ian Grant
Ian.Grant at cl.cam.ac.uk
Thu Apr 19 05:28:14 EDT 2007
> With auth-sys, access as root (UID 0) on the client is given root
> access on the server. (Unless root_squashing is enabled, then it is
> given access as nobody).
But the server trusts the uid/gid that the client machine presents,
doesn't it? And that's not the case with kerberos auth. where the
client machine must be able to supply the user's credentials to get
the user's privs.
What I was asking about is whether there is a way to get an NFSV4
server to trust the clients and allow all privs to user's files, but
only when the client machine can supply machine credentials. So it's
host-based authentication, but with machine credentials instead of
just by IP address.
Ian
More information about the NFSv4
mailing list