Hello,

I'm working on an prototype to replace our NIS based auth' to kerberised
services.
I've menage to setup NFS4 with kerberos using gss/krb5 security in exports
and all well.

we have various host groups (using nis netgroups) that should connect to
various exports,
if we change them to gss/krb5 we loose the netgroup differentiation.
I've though of using multiple realms (with a single KDC) and the various
exports will be handled by the client machine's realms, if more then one
"group" is needed we can inter-realm authenticate.

has anyone heard of such kerberos "alternative" for netgroup NFS approach?
is it feasible?
how does kadmin handle multiple realm?

any help would be most appreciate.
--
View this message in context: http://www.nabble.com/help-with-kerb...p15039386.html
Sent from the Kerberos - General mailing list archive at Nabble.com.