<div dir="ltr"><div><div><div>Raymond,<br><br></div>Good point on the local filesystem, I was under a bad assumption that this was a network file system. You can support ACLs at the local file system level but I don't know if they can be set to have kerberos based security. At some point the LDAP user is mapped to a UID/GID (hopefully based on a UNIX compatible LDAP schema) and using ACLs should grant the protection needed. <br><br>You are absolutely correct about an IPA type of setup for this. <br><br></div>Thanks,<br></div> Dan<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 14, 2016 at 10:02 AM, Raymond DeRoo <span dir="ltr"><<a href="mailto:rderoo@deroo.net" target="_blank">rderoo@deroo.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dan,<br>
<span class=""><br>
> Generally NFSv4 can be configured to use kerberos for authorization. This can be used in conjunction with LDAP accounts.<br>
<br>
</span>This is my understanding as well, however in addition isn’t IPA also needed of the kerberos realm -> LDAP schema? Perhaps I misunderstood the OP, but I thought the desire was for the local file system. I support it would be possible to run NFS locally and then use LDAP/IPA to authenticate uses…<br>
<br>
Now I’m even more interested in what the file solution looks like.<br>
<br>
Kind regards,<br>
Raymond<br>
<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" rel="noreferrer" target="_blank">http://cluedenver.org/mailman/<wbr>listinfo/clue</a></div></div></blockquote></div><br></div>