Dear Neil, > If you are using kerberos authentication then you should be able > to trust that any remote user really is who they say they are ... Does that "work" also against the "evil remote root" e.g. when the remote machine is compromised? > If you are using NFSv4 and kerberos than there already exist > interfaces to do what you want. See "man idmap.conf". ... Sorry I do not use NFSv4 or kerberos, yet. Could you please point me to references about idmap.conf, the ones I found suggest it only takes [Mapping] settings for Nobody-User and Nobody-Group. I agree with you that root_squash as currently implemented is rather limited and useless, but am hoping that it can be improved. Thanks for your help, Paul Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
