[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Why not use NFS4 and Kerberos for mounting the home directories?

Hi all,

first, let me apologize for the silence during last months and for not
being able to contribute to Debian-Edu. The reasons are complicated
probably and not meant to be public; you know, "real life" and the

However, I would like to take a few minutes to discuss the following

Why don't we use NFS4 and Kerberos for mounting the home directories? 

The reason given so far is that NFS4 might not be "ready for
production" yet. I don't know what "production use" means, however, I
think it's good enough for our use at schools [1] and we should give
it a try.  

The advantage (beside other nice features and improvements compared to
NFS3) is, that the netgroups-administration we don't have yet will not
be needed to mount the home directory. Every user that provides a
valid Kerberos ticket can mount his home directory in an encrypted
way. To unleash the power of Kerberos we should use that, right now
(more or less just for authentication) Kerberos is an overkill and not
worth the effort.

Best regards


[1] At least in my school, where the users and their data is removed
    every year because of the cruft that accumulates within that year,
    it should work. Pupils log in for an hour and after that the
    machines are turned off again. If it doesn't work there it works
    nowhere. I don't think it makes much sense to compare our case of
    use to universities and companies where valuable date is processed
    and machines are up for ages.  

Reply to: