NFSv4 details and documentations
Rick Macklem
rmacklem at uoguelph.ca
Tue Dec 1 22:13:01 UTC 2015
Benjamin Kaduk wrote:
> On Mon, 30 Nov 2015, Rick Macklem wrote:
>
> > Yes, it is confusing, but that's Kerberos for you;-) rick
>
> Well, just Kerberos by itself is hardly this bad. The way it has been
> integrated with NFS is all kinds of special and diverges from Kerberos
> best practices in several ways, as if it was designed by someone without
> prior Kerberos experience.
>
> -Ben
I wasn't involved in the Kerberized NFS design (it was done at Sun before
IETF took over NFS stuff). They chose a "user authentication" model and
not a "host authentication" (or per mount if you'd prefer) and I'm not
sure that was the correct choice.
Are you able to explain how sshd is configured to do a kinit for the
user as they ssh into a machine?
rick
More information about the freebsd-hackers
mailing list