Dear Andy, > Note that only AUTH_SYS sends GID and GID lists in the rpc_cred. > RPCSEC_GSS with Kerberos only sends the krb5 principal to the server. > The server looks up group membership via nsswitch - either /etc/groups > ... Can the server be set so as to ignore any AUTH_SYS sends, and accept RPCSEC_GSS only? > idmapd only deals with groups when a SETATTR arrives with ACE who's that > are group names where it maps the groupname@domain to a gid, or a > GETATTR ACL request where it maps gid->groupname@domain Can the server be set so as to ignore any attempts from the client to set group memberships, but always set its own from /etc/group? Thanks, Paul Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
