[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NFS4 and Kerberos interrest and our diskless RW AUFS overlaid root

Hi Pavel,

On Di 08 Mär 2011 02:09:40 CET Pavel Pisa wrote:

I have noticed that you work on switching to NFS4+krb5 for homes
on school workstations. I am very interrested to switch to similar
for our university labs setup. We use Debian servers and diskless
workstations in our setups.

Actually, it is rather Andreas Mundt who is currently doing all the brain+manual work around NFSv4 and Krb5. However, I have setups up and running that use a similar setup.

I would be very happy if you document your setup when you have
it working. The description from Mike Gabriel is the best
cookbook I have seen till now for this. I have been looking
for keyrings notices for years already but there has been
no simple specification how to use these and what level of integration
with distribution and mainline is reached.

THX! 8-)

I would be extremely happy if we could use single export of all homes
and protect access form individual client machines by logged in user

Let me rephrase the expression ,,single export of all homes''. What I recommend to people using NFSv4+Krb5 is:

  o store automount setup in LDAP
  o mount home dirs individually on a per-user-basis
  o take the (auto)mount info from LDAP
  o in LDAP automount configs store the sec=krb5x property on a

I will propose a setup like that for Debian Edu wheezy and provide a cookbook as a basis for discussion once squeeze is out.



mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpLt4DZmAmWk.pgp
Description: Digitale PGP-Unterschrift

Reply to: