Date: Fri, 7 Jan 2011 15:16:32 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Ivan Voras <ivoras@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: nfssvc not available or version mismatch (nfsv4 client) Message-ID: <1136425833.263121.1294431392106.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <AANLkTi=GVijaPKONJk8wyovMsoqidvFpd%2Bkkc0zjxKBm@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I was thinking about the practical scenario where users share a server > - currently, as there's AFAIK no facility for remapping UIDs in > FreeBSD, UIDs and usernames have to match on all machines. Will this > change with NFSv4? Unless you use Kerberized mounts (sec=krb5 or sec=krb5i or sec=krb5p), no. I, personally, think that a simple authentication mechanism that had a name instead of uid in it would be nice. However, to have any chance of getting that through the ietf working group, I think it would have to be accompanied by some sort of host based security (think "like an ssh tunnel using IPSEC") and I don't have the time nor expertise to work that all out. Then, it all has to be written up as an internet draft, and then, since I don't have any travel budget to go to the IETF meetings, I'll bet it'd never get anywhere. If some NFS vendor likes this idea, I'd be happy to work wth them on it, because I believe setting up Kerberos is just too much hassle for most people. rick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1136425833.263121.1294431392106.JavaMail.root>