[osol-discuss] Mapping Kerberos principal name to NFS Domain
Darren J Moffat
Darren.Moffat at Sun.COM
Thu Mar 1 09:52:12 PST 2007
Glenn Machin wrote:
> The default NFS domain for our servers is sandia.nfs.domain with a kerberos realm of sandia.gov. However we have users whose kerberos principals will be in a different realm, and we would like to map them to the NFS domain associated with their kerberos realm.
>
> Is there any way to to this on Solaris? It appears that all users will be in a single NFS domain.
Do you really mean NFSMAPID_DOMAIN is set to sandia.nfs.domain rather
than matching the DNS domain ? Or do you mean the NIS domain is
sandia.nfs.domain ?
If so why did you set the NFS domain to be something that doesn't match
the default DNS domain ?
Are you using Kerberos for NFS authentication ?
See nfsmapid(1M).
I seem to remember there being an API (maybe not publicly documented)
for building custom mapping daemons. The best place to find out more
about this would be in the NFS community of OpenSolaris.
--
Darren J Moffat
More information about the opensolaris-discuss
mailing list