[Bug 526302] Re: "Domain = localdomain" clause in idmapd.conf breaks things in Lucid - and is unnecessary
Krzysztof Klimonda
kklimonda at syntaxhighlighted.com
Thu Mar 29 00:14:59 UTC 2012
Yes, it has been fixed in precise in nfs-utils 1:1.2.5-2ubuntu1, I'm
closing the bug as Fix Released.
Now, as for backporting the fix to Lucid (or previous releases in
general) I don't think it's worth the risk of breaking local
configuration given that the "workaround" (setting a correct domain, or
hashing it out) is reallly well documented. I think changing the conf
file would raise a prompt about what to do about it on every system
where the file has been modified in the first place - and those are
already fixed anyway. So it would only help new installations, and most
of those will start moving to 12.04 soon anyway.
** Changed in: nfs-utils (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/526302
Title:
"Domain = localdomain" clause in idmapd.conf breaks things in Lucid -
and is unnecessary
Status in “nfs-utils” package in Ubuntu:
Fix Released
Bug description:
In /etc/idmapd.conf, there's a line saying:
Domain = localdomain
This used to be "sort of" working: if server and clients had the same domain, user ID's would be mapped correctly. However, in Lucid, when you're using Kerberos, the rpc.svcgssd checks if the domain is a proper one, i.e. if you are someuser at SOME.KERBEROS.DOMAIN, then you won't get away with "domain=localdomain": your user ID will be mapped correctly, but your rights will be void, as svcgssd reports you're nobody:nogroup.
Now this wouldn't be a problem, if the "Domain" clause would be absolutely necessary - but it's not! Namely, as idmapd says, the default domain is FQDN minus hostname, which is a far better default than "localdomain".
So a proper default would be a commented out "Domain" clause in idmapd.conf, like so:
# set your own domain here, if it differs from FQDN minus hostname
# Domain = localdomain
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/526302/+subscriptions
More information about the foundations-bugs
mailing list