Hi Pavel, On Di 08 Mär 2011 02:09:40 CET Pavel Pisa wrote:
I have noticed that you work on switching to NFS4+krb5 for homes on school workstations. I am very interrested to switch to similar for our university labs setup. We use Debian servers and diskless workstations in our setups.
Actually, it is rather Andreas Mundt who is currently doing all the brain+manual work around NFSv4 and Krb5. However, I have setups up and running that use a similar setup.
I would be very happy if you document your setup when you have it working. The description from Mike Gabriel is the best cookbook I have seen till now for this. I have been looking for keyrings notices for years already but there has been no simple specification how to use these and what level of integration with distribution and mainline is reached.
I would be extremely happy if we could use single export of all homes and protect access form individual client machines by logged in user credential.
Let me rephrase the expression ,,single export of all homes''. What I recommend to people using NFSv4+Krb5 is:
o store automount setup in LDAP o mount home dirs individually on a per-user-basis o take the (auto)mount info from LDAP o in LDAP automount configs store the sec=krb5x property on a per-user-basisI will propose a setup like that for Debian Edu wheezy and provide a cookbook as a basis for discussion once squeeze is out.
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: firstname.lastname@example.org, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Description: Digitale PGP-Unterschrift