Why not use NFS4 and Kerberos for mounting the home directories?
Hi all,
first, let me apologize for the silence during last months and for not
being able to contribute to Debian-Edu. The reasons are complicated
probably and not meant to be public; you know, "real life" and the
like.
However, I would like to take a few minutes to discuss the following
issue:
Why don't we use NFS4 and Kerberos for mounting the home directories?
The reason given so far is that NFS4 might not be "ready for
production" yet. I don't know what "production use" means, however, I
think it's good enough for our use at schools [1] and we should give
it a try.
The advantage (beside other nice features and improvements compared to
NFS3) is, that the netgroups-administration we don't have yet will not
be needed to mount the home directory. Every user that provides a
valid Kerberos ticket can mount his home directory in an encrypted
way. To unleash the power of Kerberos we should use that, right now
(more or less just for authentication) Kerberos is an overkill and not
worth the effort.
Best regards
Andi
[1] At least in my school, where the users and their data is removed
every year because of the cruft that accumulates within that year,
it should work. Pupils log in for an hour and after that the
machines are turned off again. If it doesn't work there it works
nowhere. I don't think it makes much sense to compare our case of
use to universities and companies where valuable date is processed
and machines are up for ages.
Reply to: