General questions about Debian + LDAP + NFSv4 + Kerberos
Hello,
I'd like to upgrade from NFSv3 to NFSv4, or at least explore doing this if possible.
I'm running LDAP and Debian Squeeze, and a little while back I had difficulty with the user ID mapping using NFSv4 (even using idmapd) and LDAP so I gave up on this and settled on NFSv3. For some reason I can no longer find the page that said this, but I could have sworn that somewhere on the Debian wiki it said that Kerberos is required for NFSv4 and LDAP, so at the time I concluded that my problem would only be solved by bringing Kerberos into the mix.
So, questions:
1) Is Kerberos still required? This seemed like overkill to me at the time
2) If I do get into Kerberos, can I do simple password resets via a web interface as easily as I can with straight LDAP and a language such as PHP that can speak directly with the LDAP server?
I understand that using Kerberos provides some security benefits in having private password storage, but these machines are locked down and the LDAP server not publicly reachable. I don't mind the hashed passwords residing in my LDAP directory. Then again, if Kerberos is not going to introduce any downsides including question #2, I guess I wouldn't be opposed to adding it to the mix.
Thanks!
|