
I'm currently involved with getting NFSv4 and Kerberos. We've decided to bite the bullet and try and make the transition.

Our environment is:

  • Windows AD
  • LDAP auth on Linux against said AD.
  • RHEL5/6 and a smallish list of exceptions. (Some of our users desperately needed Slackware, Debian, CentOS).
  • NetApp filers supplying CIFS/NFS.

We've hit a bit of a stumbling point though - that's with the root service principal, and how to enable NFS shares so that people who need root access to their share, can have it.

The reason that's proving quite irksome, is because when mounting NFS on RHEL 5 - an nfs service principal seems to be hardcoded into the mount process. So we're still struggling a bit with how to handle the problem, as you can get tripped up by the idmapping process.

After all, if you set nfs to be UID zero, then ... when you ls you will see a whole bunch of files owned by nfs not root. If you don't set up an nfs user, then you might see a lot of files owned by nobody, although you can probably still chown them.

RHEL6 is less painful, but it still feels a bit clunky to be configuring machine accounts with UIDs/GIDs. (And you still have a similar problem with th

So I'm wondering what others are doing in the real world? How are you handling privilege delegation of your NFS mounts?

Sobrique

0 Answers