[clue] Filesystems + LDAP permissions???

Dan Kulinski daniel at kulinski.net
Wed Sep 14 11:08:49 MDT 2016


Raymond,

Good point on the local filesystem; I was under the bad assumption that this
was a network file system.  You can support ACLs at the local file system
level, but I don't know if they can be set to have Kerberos-based security.
At some point the LDAP user is mapped to a UID/GID (hopefully based on a
UNIX-compatible LDAP schema), and using ACLs should grant the protection
needed.

You are absolutely correct about an IPA type of setup for this.

Thanks,
  Dan

On Wed, Sep 14, 2016 at 10:02 AM, Raymond DeRoo <rderoo at deroo.net> wrote:

> Dan,
>
> > Generally NFSv4 can be configured to use Kerberos for authorization.
> > This can be used in conjunction with LDAP accounts.
>
> This is my understanding as well, however in addition isn’t IPA also
> needed of the Kerberos realm -> LDAP schema? Perhaps I misunderstood the
> OP, but I thought the desire was for the local file system. I suppose it
> would be possible to run NFS locally and then use LDAP/IPA to authenticate
> users…
>
> Now I’m even more interested in what the file solution looks like.
>
> Kind regards,
> Raymond