Open ekskimn opened 7 years ago
DavidASeibert
commented
7 years ago Good suggestion. We will implement that in the next release. If you need it sooner, you can implement a Kerberos specialization of the Credential interface, as described in RFC 2695, https://tools.ietf.org/html/rfc2695. That can then be used with the Nfs3 constructor that takes a Credential.
ekskimn
commented
7 years ago That actually is what I did, but I suppose the problem is that i don't know what format the Xdr needs to be in order to be read by the NFS. If you have any ideas/documentation, i'd be glad to try it out.
DavidASeibert
commented
7 years ago RFC 2695 is the documentation for the format. FWIW, it's not the NFS server that needs to read the authentication, it's the general RPC mechanism on the server. That processes the call before the NFS server is actually called to finish the processing.
craigdturner
commented
7 years ago Bump! for secure NFS as well. I am very interested in your ecs-sync. Copying from a secured NFS server to ECS S3 would be awesome.
jasoncwik
commented
7 years ago @craigdturner FYI, if you have your NFS volume locally mounted on a server, you can just use the file:// plugin of ECS-Sync to read from the local mount today! We're targeting this NFS plugin for VMs and containers where we don't want to have to mount the FS beforehand.
@DavidASeibert Was wanting to use your library as a java client to connect to a secure NFS that I can't mount (my app is running in a docker container). The NFS mount uses kerberos to authenticate. I can generate the kerberos ticket but I don't know how to send/use that with your client. Any help would be appreciated.