[Freeipa-users] IPA+AD trust and NFS nobody issue

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Fri Jun 27 20:28:50 UTC 2014



> -----Original Message-----
> > What I'm not quite clear on is the interaction between idmapd and ldap
> > (slides 15,16,18). Does idmapd want to see this "NFSv4RemoteUser"
> > schema on the LDAP server? Is this schema something that FreeIPA would
> > have to support for NFS to work with cross-realm trusts? Or has the
> > landscape changed since this 2005 presentation?
>
> The landscape has changed and evolved, and I never really saw adoption of
> this CITI proposal myself. It may have happened somewhere I guess, but I do
> not think it is prevalent.

Poking a little more, I'm seeing something pretty similar to this proposal in the UMICH_SCHEMA section here: http://linux.die.net/man/5/idmapd.conf

This appears to be the same man page which ships with Fedora 20. It looks like it's configurable, with the defaults being more or less the attributes mentioned in the 2005 PowerPoint...

If views were to support these attributes, external security principals could have a nice centralized mapping to NFS for the FreeIPA-managed Linux environment...

Bryce



