  #19  
10-02-2007, 03:01 PM
unix
Re: NFS Exporting a samba share

Mike Eisler wrote:
> "Nico Kadel-Garcia" wrote in message
> news:...
>> Mike Eisler wrote:
>>
>>>> multiple OS releases. If you take advantage of subtle
>>>> configurations to make things work the way you want (such as using
>>>> an NIS domain name that does not match your network's default
>>>> domain name, or using hostnames that are not fully qualified
>>>> because of people's old software that uses "$HOSTNAME" =
>>>> "non-fully-qualified-hostname" sorts of statements, it quickly
>>>> becomes a nightmare. And Kerberos used to be pretty fascist about
>>>> insisting that the
>>>
>>> Which is why the Solaris NFS/Kerberos V5 stack always canonicalizes
>>> based on the FQDN returned by DNS.
>>>
>>> have you actually used an NFS/Kerberos V5 stack, or are you
>>> casting theory?

>>
>> Harsh, harsh experience with older NFS/Kerberos implementations in
>> very

>
> Which NFS/Kerberos V5 stack have you used?


Like I said, it's been a while. This level of adventurous analysis was going
in with the latest MIT Kerberos release and Solaris 2.5 and SunOS 4.1.x. I
took another shot at it about 5 years ago, and had too many problems getting
it to interoperate well with the Windows systems, then took another shot at
it maybe 3 years ago and couldn't get the buy-in to make the corporate-wide
changes.

Like I said, been there, done that. If both have evolved since then, fine,
but most sites these days use FQHN as their $HOSTNAME, and as their default
entries in /etc/hosts just as a matter of best practices.

>> heterogeneous configurations. Unless they've added something since
>> then, Kerberos uses the various "gethostby" functions in libc to try
>> to determine the canonical hostname, and actually uses the first
>> entry returned as the "canonical" name. And unfortunately, you can't
>> just assert that "DNS gives

>
> Yes indeed, you are casting theory.


No, I actually read the damn code. Have they changed it since then? It was
particularly irritating with the "I insist on having an FQHN in order to log
what machine compiled this code, and I won't let you recompile it except
from scratch because I have fiendishly installed a timestamp in the Makefile
structure to force only complete recompilations, moo-ha-ha!"

Look, friend, don't call it "casting theory" when someone's actually tried
to get the systems to work together and run into the issue.

