From: Rick Macklem
To: Ivan Voras
Cc: freebsd-current@freebsd.org
Date: Fri, 7 Jan 2011 15:16:32 -0500 (EST)
Subject: Re: nfssvc not available or version mismatch (nfsv4 client)
Message-ID: <1136425833.263121.1294431392106.JavaMail.root@erie.cs.uoguelph.ca>
List-Id: Discussions about the use of FreeBSD-current

> I was thinking about the practical scenario where users share a server
> - currently, as there's AFAIK no facility for remapping UIDs in
> FreeBSD, UIDs and usernames have to match on all machines. Will this
> change with NFSv4?

Unless you use Kerberized mounts (sec=krb5 or sec=krb5i or sec=krb5p), no.

I, personally, think that a simple authentication mechanism that had a name instead of uid in it would be nice. However, to have any chance of getting that through the IETF working group, I think it would have to be accompanied by some sort of host based security (think "like an ssh tunnel using IPSEC") and I don't have the time nor expertise to work that all out. Then, it all has to be written up as an internet draft, and then, since I don't have any travel budget to go to the IETF meetings, I'll bet it'd never get anywhere.

If some NFS vendor likes this idea, I'd be happy to work with them on it, because I believe setting up Kerberos is just too much hassle for most people.

rick