Hi again, Am 08.06.2015 um 00:10 schrieb Jonas Meurer: > I'm trying to setup a new NFSv4 server with Kerberos as authentication. > The shares are exported as expected and I'm able to mount them using > krb5i authentication on the NFS clients. > > My problem is ownership and permission management on the exported > shares. I need the shares and their content to be owned by root:root and > read-write access by root to the shares on the clients is required.
I found a solution to my problem in the meantime: by adding static mapping to idmapd and mapping the kerberos client machine credentials to local root account on the server. The implementation is explained here: https://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu/526820#526820 With this static mapping added, root on the client machine (who identifies with client machine credentials at Kerberos) is mapped to local root user on the server. That way, it's possible to own files to root:root on Kerberos-secured NFSv4 shares. I'm still wondering whether there's better solutions without the need for static mapping. A drawback of static mapping is that a new mapping is needed for every NFS client machine that needs root access to the shares. Cheers, jonas -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5576e877.70...@freesources.org
