I'm working on an prototype to replace our NIS based auth' to kerberised
I've menage to setup NFS4 with kerberos using gss/krb5 security in exports
and all well.

we have various host groups (using nis netgroups) that should connect to
various exports,
if we change them to gss/krb5 we loose the netgroup differentiation.
I've though of using multiple realms (with a single KDC) and the various
exports will be handled by the client machine's realms, if more then one
"group" is needed we can inter-realm authenticate.

has anyone heard of such kerberos "alternative" for netgroup NFS approach?
is it feasible?
how does kadmin handle multiple realm?

any help would be most appreciate.
View this message in context: http://www.nabble.com/help-with-kerb...p15039386.html
Sent from the Kerberos - General mailing list archive at Nabble.com.