Mapping root user to Kerberos principal (and other static mappings) - version 2
Kevin Coffman
kwc at citi.umich.edu
Mon Mar 24 09:40:38 EDT 2008
Hi David,
Thanks for the patches! Olga Kornievskaia has already made some of
these changes locally (but I haven't yet had a chance to finish
testing and put out a new version). She has made each method a
separate library (to de-couple ldap dependencies), and added the
ability for chaining. I'll compare your implementation of chaining
with what we have.
Your 'static' method would then become a separate loadable library.
I will try to integrate all of this and put out a new release by the
end of the month.
K.C.
On Sun, Mar 23, 2008 at 12:13 PM, David Härdeman <david at hardeman.nu> wrote:
> In November last year I submitted a patch to allow static mappings for
> GSS principals (especially important for root-over-nfsv4 since the
> machine will normally use machine credentials).
>
> In response to the feedback I got back then, I've written some new
> patches (attached) which does the following things:
>
> 1) Implements chained methods in libnfsidmap so that it is possible to
> specify e.g. "umich_ldap nsswitch" in /etc/idmapd.conf
>
> 2) Adds the "static" method for mapping between GSS principals and local
> user names by using static mappings from /etc/idmapd.conf
>
> 3) (minor and not related to the first two) some changes to libtest.c to
> remove some compilation warnings and to allow the quit-on-error
> behaviour to be enabled/disabled.
>
> Please review.
>
> --
> David Härdeman
>
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
More information about the NFSv4
mailing list