[Bug 526302] Re: "Domain = localdomain" clause in idmapd.conf breaks things in Lucid - and is unnecessary
Toby Corkindale
526302 at bugs.launchpad.net
Wed Mar 28 01:00:55 UTC 2012
This bug looks like it has been resolved in Precise, by the way.
https://bugs.launchpad.net/bugs/526302
Title:
"Domain = localdomain" clause in idmapd.conf breaks things in Lucid -
and is unnecessary
Status in “nfs-utils” package in Ubuntu:
Confirmed
Bug description:
In /etc/idmapd.conf, there's a line saying:
Domain = localdomain
This used to be "sort of" working: if server and clients had the same domain, user IDs would be mapped correctly. However, in Lucid, when you're using Kerberos, the rpc.svcgssd checks if the domain is a proper one, i.e. if you are someuser@SOME.KERBEROS.DOMAIN, then you won't get away with "domain=localdomain": your user ID will be mapped correctly, but your rights will be void, as svcgssd reports you're nobody:nogroup.
Now this wouldn't be a problem if the "Domain" clause were absolutely necessary - but it's not! Namely, as idmapd says, the default domain is FQDN minus hostname, which is a far better default than "localdomain".
So a proper default would be a commented out "Domain" clause in idmapd.conf, like so:
# set your own domain here, if it differs from FQDN minus hostname
# Domain = localdomain
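A check for the condition the bug description reports, added here as an example and not taken from the report or from nfs-utils: it reads an idmapd.conf, finds an uncommented Domain clause, and compares it with the "FQDN minus hostname" default. The function names, the sample file contents and the host name nfs1.example.com are constructed for illustration, and the parser assumes the INI-style layout with a [General] section.

```python
import socket

# Constructed sample files, not copied from a real host.
WITH_DOMAIN = """\
[General]
Verbosity = 0
Domain = localdomain

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
"""
COMMENTED_OUT = WITH_DOMAIN.replace(
    "Domain = localdomain",
    "# set your own domain here, if it differs from FQDN minus hostname\n"
    "# Domain = localdomain")

def configured_domain(conf_text):
    """Return the uncommented Domain value from [General], or None."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never set a value
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "general" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "domain":
                return value
    return None

def default_domain(fqdn):
    """The fallback as the report describes it: FQDN minus hostname."""
    return fqdn.partition(".")[2] or None

def audit(conf_text, fqdn=None):
    """Return (effective_domain, warning_or_None) for one host."""
    fqdn = fqdn or socket.getfqdn()  # assumption: the host's FQDN resolves
    explicit, derived = configured_domain(conf_text), default_domain(fqdn)
    if explicit is None:
        return derived, None
    if derived and explicit.lower() != derived.lower():
        return explicit, (f"Domain = {explicit} overrides the derived default "
                          f"{derived}; check it against the Kerberos realm")
    return explicit, None
```

Run `audit()` on both the NFS server and its clients, since the report notes that mapping depends on both sides using the same domain.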