-   Linux - Server (
-   -   General questions about Debian + LDAP + NFSv4 + Kerberos (

besson3c 01-02-2012 03:56 AM

General questions about Debian + LDAP + NFSv4 + Kerberos

I'd like to upgrade from NFSv3 to NFSv4, or at least explore doing this if possible.

I'm running LDAP and Debian Squeeze, and a little while back I had difficulty with the user ID mapping using NFSv4 (even using idmapd) and LDAP so I gave up on this and settled on NFSv3. For some reason I can no longer find the page that said this, but I could have sworn that somewhere on the Debian wiki it said that Kerberos is required for NFSv4 and LDAP, so at the time I concluded that my problem would only be solved by bringing Kerberos into the mix.

So, questions:

1) Is Kerberos still required? This seemed like overkill to me at the time

2) If I do get into Kerberos, can I do simple password resets via a web interface as easily as I can with straight LDAP and a language such as PHP that can speak directly with the LDAP server?

I understand that using Kerberos provides some security benefits in having private password storage, but these machines are locked down and the LDAP server not publicly reachable. I don't mind the hashed passwords residing in my LDAP directory. Then again, if Kerberos is not going to introduce any downsides including question #2, I guess I wouldn't be opposed to adding it to the mix.


All times are GMT -5. The time now is 10:58 PM.