On Mon, 7 Mar 2011, Nico Kadel-Garcia wrote:
NFSv4 is *NOT* your friend, and Kerberizing it effectively is not trivial. I'm using Centrify for that and to have a reliable upstream vendor who can actually support it. (I'm on a contract.) What's the issue you're encountering, besides the lack of "nfs4-acl-editor" in the RPM's.
With a CentOS 5 server and a CentOS 5 client, I've yet to manage to get it play nicely for long periods without deciding that I'm evil. Sometimes it works fine, then a reboot or a minor tinker that I'm sure shouldn't affect anything will leave it refusing to mount with Operation not permitted. Or it'll let me mount it as root, but as soon as I use it with a kerberos ticket will have a big long pause before deciding it doesn't like me. Client works fine against an EMC box, and I've had the server working before I started using Active Directory.
nfs4-acl-editor is actually built into the nfs4 tools source tree, it's just not compiled. It's not a perfect tool, but I think well worth getting into the "extras" repository for CentOS.
nfs4-acl-tools-0.3.3-1.el5, standard in CentOS. That not do what you need?
jh