SImple name-to-id mapping with idmapd not working?

Alessio Gaeta alga777 at libero.it
Sun Mar 9 13:02:01 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry for delay, I've been busy and I've read some code too...

>>>> If we also wanted to do id<->id mapping of auth_unix credentials, we'd
>>>> need a new mechanism for that.
>> Only for curiosity, it is so difficult to implement it? Did someone
>> thought about it when idmapd was implemented?

> It's not terribly difficult to do server-side mapping of auth_unix
> credentials.  If you (or someone you know of) has the time and resources
> to work on it, we could probably outline what's needed.

I read the code, but it is undocumented, so it's a bit difficult for me
to clearly figure the interaction between components... Moreover I am
not an expert programmer (I studied RPC some years ago, I'd need a
refresh...), neither I have too much time available; so I can't
"officially" take this commit, but I'd like to learn more about NFS and
id mapping and maybe to try coding something (intended that I'd share
any eventually useful result, of course). Neither I want to steal your
time, so maybe you can only address me to some developer resources
(interaction diagrams, functions documentation... I couldn't find
anything useful by myself), I would be grateful to you.

> 
> My assumption has always been that people with a few clients can adjust
> their id's and names to match, people with larger installations probably
> have already set up nis or ldap or something to do that for them, and
> the remaining problematic case is when two large organizations merge.
> But I don't know.
> 
> In any case it's something that somebody asks for every now and then,
> but that nobody's stepped up to do yet.
> 

This is true until one creates its little domain from scratch and have
full control on all machines... With growing widespread of notebooks,
adsl and home LANs, an "homebrew administrator" deals with existing
clients installations, on which even a UID change can be invasive. On
the other side, deploying a NIS/Kerberos/LDAP service is clearly
overscaled... A simply id mapper as I described would be simple and
effective, IMHO.

Thanks for your time. Regards
- --
Alessio Gaeta
http://meden.uni.cc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH1BgJirbk3DO+UZ0RAgn8AJ9YY244k7U8r01d37sfEFKPlugb1ACg4N3E
6sDi+iZ0bGuzZGrPsSFO7aU=
=dxlS
-----END PGP SIGNATURE-----

More information about the NFSv4 mailing list