From owner-freebsd-current@FreeBSD.ORG Mon Jan 10 21:26:31 2011 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32FAB106564A for ; Mon, 10 Jan 2011 21:26:31 +0000 (UTC) (envelope-from salwerom@iem.pw.edu.pl) Received: from volt.iem.pw.edu.pl (volt.iem.pw.edu.pl [194.29.146.3]) by mx1.freebsd.org (Postfix) with SMTP id BDAE48FC13 for ; Mon, 10 Jan 2011 21:26:30 +0000 (UTC) Received: from marekdesktop (cwx170.internetdsl.tpnet.pl [83.19.131.170]) (Authenticated sender: salwerom) by volt.iem.pw.edu.pl (Postfix) with ESMTPSA id 5840DA665A7; Mon, 10 Jan 2011 22:26:23 +0100 (CET) Message-ID: <7B2D6737C7D44738A9710C1BD5E5711F@marekdesktop> From: "Marek Salwerowicz" To: "Rick Macklem" References: <1283297834.106648.1294694011899.JavaMail.root@erie.cs.uoguelph.ca> Date: Mon, 10 Jan 2011 22:26:14 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994 X-Virus-Scanned: clamav-milter 0.96.5 at volt.iem.pw.edu.pl X-Virus-Status: Clean X-Mailman-Approved-At: Mon, 10 Jan 2011 21:49:59 +0000 Cc: freebsd-current@freebsd.org, Andrzej Tobola Subject: Re: NFSv4 and pam_mount - mounting user home directories (with security?) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jan 2011 21:26:31 -0000 > I think you can stick it just before "return 0" in /etc/rc.d/nfsd. > (I'd probably just go with the "sysctl vfs.newnfs.server_min_nfsvers=4" > line in this case, since you want it unconditionally?) > > Or, if you don't want to build a kernel with "options NFSD", I think > you can get nfsd.ko loaded early by fiddling with loader.conf, but I'm > not volunteering to figure out what works there:-) > > rick > Ok, that problem has been solved ;) In nfs_precmd it checks if the option in rc.conf is set. If yes, it tries to set the sysctl flag, it it fails, loads nfsd module and then sets again the sysctl flag. But I have another question - maybe you will know the answer. So I would like NFSv4 to serve user home directories across the network for all workstations, but I would like it to protect using user password Eg. on workstation I want to do: sudo mount -t nfs -o nfsv4 nfs4-server:/home/user1 /home/user1 and then I want to be asked for password of user1 at server (or in the whole network - users and passwords are stored in LDAP server and workstation and server have access to it) Is it possible to do with NFSv4? -- Marek Salwerowicz