-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Neal Becker wrote:
I'm wondering if I can use nfsv4 idmap so that I can share files
between systems
without syncing uids.
Thing is, I don't want to have to learn kerberos, ldap, etc.
Is it possible to use idmap functionality without any complicated setup?
One workaround that can be used not involving Kerberos, NIS, LDAP, etc
is setting the hosts files.
If you set up your hosts.allow with machines you want to access the
server e.g:
`portmap: 192.168.0.x , 192.168.0.xx`
& your hosts.deny e.g:
`portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL`
you can then makes the shares world writable. If that's of major concern
to you, you can add in hosts.deny:
`ALL:ALL` but you may run into problems adding new services.
Portmapper first visits hosts.allow & any entry it finds in there is
allowed access. If it finds nothing corresponding in there, it then
checks hosts.deny & follows the rules set there. So it will accept any
entry you set in hosts.allow & then block all other access making it
secure. Not the Red Hat way one suspects but down & dirty & it works.
Not advisable for forward facing, production machines, etc, etc...
Cheers,
Phil...
- --
currently (ab)using
CentOS 6.2, Debian Squeeze, Fedora Beefy, OS X Snow Leopard, Ubuntu Precise
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: §auto-key-locate cert pka ldap
hkp://keys.gnupg.net
Comment: GPGTools -
http://gpgtools.org
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQE7/yAAoJEKuJdOaOnmMJ4q4H/39h78FBYjGgPT0lNYW6YRfs
e3AYiUjic2G4+QyJfSvdAyjDJXO3meWWtZL2MQ3qCCvsAK0ju5yQbVJAVdSkKcz1
yngMyhBrXg5o5/6hSJBg30fR2UIaBdaj5Q6t1t47auOzqhY0MrrgDC8R1YUE/IuN
yfx/3pUnbg3LThSVZkEPYVDNx22BYfWeEb/VBF0dinTfm3FmMW+DiRZDQ9Hnx+gH
bTkBKpOxt8CW+1S85k9Y1rCySbqCXiH4apecSF4fhPJGK78DaoTeXL/rHUGo87E2
uBFT1FAr2UKwdKlFOoezkiVGZrDaZe79zUU3ag5edHIkrCPTVY0TuUA8Rh8TVR8=
=Z7wn
-----END PGP SIGNATURE-----