RE: [nfsv4] Name Mappings for NFSv4 in Active Directory

"Wachdorf, Daniel R" <drwachd@sandia.gov> Wed, 08 October 2003 22:05 UTC

From: "Wachdorf, Daniel R" <drwachd@sandia.gov>
To: 'Nicolas Williams' <Nicolas.Williams@sun.com>, "Wachdorf, Daniel R" <drwachd@sandia.gov>
cc: nfsv4@ietf.org
Subject: RE: [nfsv4] Name Mappings for NFSv4 in Active Directory
Date: Wed, 08 Oct 2003 16:03:40 -0600

I have seen that.  This document describes a way of providing that same
functionality (minus the communication piece) by placing this in active
directory.
This would allow:
 - foreign security principals to have group information associated
   with them.  You could add a foreign security principal into a local
   active directory group.
 - provides long term storage for a mapping of UID/GID to nfsv4 names.
   This is useful if file systems are replicated, or written to long-term
   backup mechanisms.
 - on the fly creation of UIDs/GIDs. (they would have to be synchronized
   with the directory service).

-dan
-----Original Message-----
From: Nicolas Williams [mailto:Nicolas.Williams@sun.com] 
Sent: Wednesday, October 08, 2003 3:50 PM
To: Wachdorf, Daniel R
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] Name Mappings for NFSv4 in Active Directory

Please see:

http://www.ietf.org/internet-drafts/draft-williams-nfsv4-ace-mapping-01.txt

This draft describes:

 - how to map user|group@domain names from multiple domains to UIDs/GIDs
   in one domain

    - including how to deal with foreign domain name reuse

 - how to do this on demand (as opposed to having to have meta-directory
   style synchronization)

 - how to make such mappings consistent to any of: a single host, a
   cluster of hosts, an entire domain

 - a new Kerberos V authorization data type that lists a principal's
   NFSv4-style user@domain and group@domain name lists

Cheers,

Nico

On Wed, Oct 08, 2003 at 03:34:57PM -0600, Wachdorf, Daniel R wrote:
> I have been working with CITI on finding a way to use Active Directory to
> map NFSv4 names into active directory user accounts.
> I wrote a document that describes a scheme to map NFSv4 names and
> authentication principals into an Active Directory Domain.  
> I would be interested in what the members of the list thought.  Thanks.
> 
> -dan
> 
> --------------------------------------
> Daniel Wachdorf
> drwachd@sandia.gov
> Sandia National Laboratories
> System Security Research and Integration
> 505-284-8060