Real utility of idmapd

Guillaume Rousse Guillaume.Rousse at inria.fr
Tue Mar 20 05:30:21 EDT 2007


Hello.

This may seem a naive question, but I'm still trying to figure out where id
mapping is really needed, even after reading
http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html,
and trying myself.

If I understand correctly:
- nfs-independent nss mapping is needed anyway for operations such as ls on
the client side, to correctly display names instead of uids

- with auth_sys, file operations such as open, close, etc. depend on the
user uid, needing them to be identical on both sides: again,
nfs-independent nss mapping is needed. And properly-configured idmapd
seems to be useless.

- with gss/krb5, you need a way to map kerberos principals to uids,
meaning idmapd with a method other than the nsswitch method. Otherwise, you'll
still need identical uids on both sides. And properly-configured idmapd
seems to be useless (again).

So basically, if you want to get rid of the need to have identical uids
on client and server, you need idmapping with a translation method
other than nsswitch, meaning umich_ldap, which is still considered
experimental (never tested it though). Did I miss something?

