NFSv4 in cross domain environment
Kevin Coffman
kwc at citi.umich.edu
Fri Jan 4 10:36:41 EST 2008
On Jan 3, 2008 3:07 PM, Markus Moeller <huaraz at moeller.plus.com> wrote:
> "Kevin Coffman" <kwc at citi.umich.edu> wrote in message
> news:4d569c330801030914s10bd3a6axd02eb50170c3225d at mail.gmail.com...
>
> > On Jan 3, 2008 10:29 AM, Markus Moeller <huaraz at moeller.plus.com> wrote:
> >> Hi,
> >>
> >> I am new to nfsv4 and have a setup with two Kerberos domains which have
> >> full
> >> trust. Is it possible to mount directories cross domains ?
> >>
> >> Thank you
> >> Markus
> >
> > Yes, it should work.
> > This -- http://www.citi.umich.edu/projects/nfsv4/crossrealm/ -- may
> > (or may not) be helpful.
>
> Is the nsswitch mapping standard on all platforms/linux distros ? I am
> using OpenSuSE 10.3.
>
> TBH I was hoping that my krb5.conf could do the mapping through
> auth_to_local.
>
> Thank you
> Markus
nsswitch mapping in cross-realm environments is only safe if you know
that jones at REALM.A and jones at REALM.B are both user 'jones' locally.
That is why we did the umich_ldap mapping. I'll have to look further
into auth_to_local. That may be what Solaris uses, but I am not sure.
More information about the NFSv4
mailing list