[Freeipa-users] IPA+AD trust and NFS nobody issue
Nordgren, Bryce L -FS
bnordgren at fs.fed.us
Fri Jun 27 00:10:53 UTC 2014
Also: http://tools.ietf.org/html/draft-adamson-nfsv4-multi-domain-access-04
Never became an RFC, but cites Simo's I-D on a Kerberos PAC.
I like the CITI approach better (also approach 2 of section 6 in the above I-D). I have no use for the groups defined in my active directory. Also, for the external collaboration case, my AD may not be accessible to an NFS server outside the firewall.
However, if (?) support for an NFSRemoteUser schema is lacking in FreeIPA, and if AD is accessible to both client and server, it seems that approach 3 of section 6 above would be the answer? Somehow configure idmap.conf (on NFS clients and servers) to directly query AD? Does that seem correct?
Bryce
This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
More information about the Freeipa-users
mailing list