[36047] in Kerberos

Re: Accessing Kerberos NFS version 4 (not 2, 3) via /net automounter

daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Apr 15 15:15:09 2014

MIME-Version: 1.0
In-Reply-To: <1397580861.19767.326.camel@willson.li.ssimo.org>
Date: Tue, 15 Apr 2014 14:14:26 -0500
Message-ID: <CAK3OfOgiVJ8iwdWXcf1DdtEP2enC26pHW60rX0pUfK7EznOidg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Simo Sorce <simo@redhat.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Tue, Apr 15, 2014 at 11:54 AM, Simo Sorce <simo@redhat.com> wrote:
> On Tue, 2014-04-15 at 11:36 -0500, Nico Williams wrote:
>> Will,
>>
>> Mobile devices don't really have stable hostnames, so the system
>> should support non-hostbased host/root credentials.
>
> The hostname is pretty stable, unless you allow dhcp to push a hostname
> onto you (bad idea).
> I think what you mean is that not all mobile devices can use dyndns to
> update the name -> ip map, but this shouldn't be a problem in the NFS
> case.

Sure.  But there's no need for the client to have any particular sort
of name for itself, so why pretend that its name is host-based?

(For the share -o root=... option Solaris really wants a root/hostname
credential that it then checks against the reverse lookup on the
client IP address.  I'm not too hot on this, but at least that's only
for root-equivalent access, not for general access.)

Nico
--
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
