
Re: NFS4 and Kerberos: A-records for same IP inflate the need for service principals



[Andreas B. Mundt]
> We want kerberos, but we don't want to get rid of old structures. So
> we open one more field of activity, split forces and everybody
> maintains and improves what he knows or prefers or whatever,
> thereby, from time to time, breaking the stuff of the
> colleague. Perhaps we can (and should) improve that point too.

What old structures are you talking about?  We have switched all user
login authentication from LDAP to Kerberos (except Gosa, which seems
incapable of using Kerberos for user authentication), and I am not
aware of anything but Gosa using LDAP authentication now.

> However, to come back to the issue, the next step concerning
> kerberos would be to switch to nfs4.

I assume you are talking about user home directories and shared
folders, and not the LTSP root mount, because LTSP does not support NFS4
yet, and Kerberos based mounting is not really sensible for stateless
machines.  So we will end up with NFS3 and NFS4 if we get NFS4
working for home directories.  But I would love to get user home
directory mounting away from netgroup and IP based authentication.

To me the next step with Kerberos would be to get Gosa, CUPS and
Nagios to use Kerberos tickets when logging in to get rid of the last
LDAP authentication user and ensure single signon for more services.

Happy hacking,
-- 
Petter Reinholdtsen

