There has been some work on multi-domain Kerberos in NFSv4, going back to 2010. Not sure where things stand though.
https://www.ietf.org/proceedings/10mar/slides/nfsv4-5.pdf Ian On Tue, Dec 16, 2014 at 4:27 PM, Paul B. Henson <hen...@acm.org> wrote: >> From: Schweiss, Chip >> Sent: Tuesday, December 16, 2014 6:02 AM >> >> It seems there a many ways to map ID in NFSv4, is there a way to not map >> them at all? > > I believe linux supports disabling ID mapping and using raw uid/gids on the > wire instead of strings, but I don't think illumos does? > >> All the current file systems being migrated are NFSv3 with AUTH_SYS. I'd >> consider moving them all to kerberos authentication, but something tells me >> that may be impossible with the multiple domains. > > Multiple Kerberos realms too? I don't think illumos can have more than one > kerberos realm defined for NFS... > > -- Ian Kaufman Research Systems Administrator UC San Diego, Jacobs School of Engineering ikaufman AT ucsd DOT edu _______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
