[898] in Kerberos
Re: Kerberized NFS Suggestion
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Fri Apr 6 16:05:03 1990
From: qjb@ATHENA.MIT.EDU
To: haynes@UCSCI.UCSC.EDU
Cc: kerberos@ATHENA.MIT.EDU
> Seems to me it would be useful to have a mount option for enabling
> and disabling Kerberos mapping on a per-file-system basis rather than
> globally for the whole server.
What we do at Athena is use a program called attach. Attach is
a setuid-root program that, given a filesystem name, looks it up
(with hesiod) to deterine what type of filesystem it is, where
it is, and how it should be mounted. For NFS filesystems, it is
currently possible for us to specify read-only mounts, read-write
mounts, or mounts with no nfs mapping. Thus, if I want to mount
something with out kerberized NFS, I just type
attach -n <filesystem name>
Our /etc/mount program never tries to establish kerberos
mappings.
In other words, it is a good idea to enable/disable this on a
per-filesystem basis and there are many ways in which you can do
this.
I don't know whether attach is distributable from here or not.
It isn't on athena-dist...
Jay Berkenbilt
MIT Project Athena
