Date: Tue, 1 Dec 2015 17:12:58 -0500 (EST)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: hackers@freebsd.org
Subject: Re: NFSv4 details and documentations
Message-ID: <1162872124.114408327.1449007978859.JavaMail.zimbra@uoguelph.ca>

Benjamin Kaduk wrote:
> On Mon, 30 Nov 2015, Rick Macklem wrote:
>
> > Yes, it is confusing, but that's Kerberos for you;-) rick
>
> Well, just Kerberos by itself is hardly this bad. The way it has been
> integrated with NFS is all kinds of special and diverges from Kerberos
> best practices in several ways, as if it was designed by someone without
> prior Kerberos experience.
>
> -Ben

I wasn't involved in the Kerberized NFS design (it was done at Sun before
IETF took over NFS stuff). They chose a "user authentication" model and
not a "host authentication" (or per mount if you'd prefer) and I'm not
sure that was the correct choice.

Are you able to explain how sshd is configured to do a kinit for the user
as they ssh into a machine?

rick