[SGVLUG] NFS question
Emerson, Tom
Tom.Emerson at wbconsultant.com
Tue May 2 15:32:41 PDT 2006
> -----Original Message----- Of Claude Felizardo
> On 5/2/06, John E. Kreznar <jek at ininx.com> wrote:
> > "Claude Felizardo" <cafelizardo at gmail.com> writes:
> >
> > > I really don't want to have to change the userid on my Linux box
> >
> Yes, if I had known that I might get access, I would have made sure to
> match userid's.[...]
>
>
> > However, the exports(5) man page has a section "User ID
> Mapping" which addresses exactly the question you're asking.[...]
>
> NFS 'exports' is for configuring the server of which I have no
> control.
[other than the fact I mentioned the same thing, I figured this was
probably the case since it means changing the server...]
Some google searching turned up this, apparently from a redhat help
page:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1
-nfs-client-config.html
Which notes another "nfs specific" option called "sec" [at the bottom]
which states:
==================
sec=mode - Specifies the type of security to utilize when authenticating
an NFS connection.
sec=sys is the default setting, which uses local UNIX UIDs and GIDs by
means of AUTH_SYS to authenticate NFS operations.
sec=krb5 uses Kerberos V5 instead of local UNIX UIDs and GIDs to
authenticate users.
sec=krb5i uses Kerberos V5 for user authentication and performs
integrity checking of NFS operations using secure checksums to prevent
data tampering.
sec=krb5p uses Kerberos V5 for user authentication, integrity checking,
and encrypts NFS traffic to prevent traffic sniffing. This is the most
secure setting, but it also has the most performance overhead involved.
==================
So it looks like there is some addditional support in Redhat
[enterprise] for exactly this situation.
Interestingly (or not) the very next hit in the google search is for
Microsoft's services-for-unix solution:
http://www.microsoft.com/technet/interopmigration/unix/sfu/sfumpsrv.mspx
[very detailed description of what's going on here...]
And the hit /after that/ is from hummingbird [a.k.a. NFS Maestro] with
even more details on "automounting"
http://www.hummingbird.com/support/nc/nfs/nfs9003203.html?cks=y
On the second page of results is this hit for an O'Reilly book:
http://www.unix.org.ua/orelly/networking_2ndEd/nfs/ch12_01.htm
More information about the SGVLUG
mailing list