trupf closed 7 months ago
OK, I think I understand now what I need to do ...
I should use
```ini
....
[Translation]
Method = nsswitch
GSS-Methods = static,nsswitch
[Static]
backup/lisa.my-home.de@MY-HOME.DE = borg
backup/mona.my-home.de@MY-HOME.DE = borg
....
```
in order to get the behavior I want.
I'm not actually sure if this is a gssproxy issue or related to something else...
I have the following entries in /etc/idmapd.conf on the server:
The intention is that the principal, which is used in a keytab, does authenticate on the server and has the access rights of user borg, and the id is mapped for file and directory ownership. This is actually working when no gssproxy is installed on the server. But if it is installed, all files owned by user "borg" on the server are displayed as owned by "nobody" on the client and file access is not granted. If I then remove the static mapping entry, the correct ownership is displayed, but access to the file is of course not permitted (which is correct in this case, as user backup is not allowed to access borg's files...). Then again, authentication and user mapping with a keytab for "borg@MY-HOME.DE" (without the host name part) does work with correct mapping and access rights even in gssproxy, but then I would have to use the same keytab on different clients, which is not the intention... So I think the static mapping should only be used for authentication to the nfs4 server, but for ownership the original user should still be used and displayed. At least it is working this way without gssproxy.