I am planning to set up a new network file share. The environment is not hostile, no more than 5 users. Still, for practical reasons (e.g. accidental delete or overwrite by the least experienced) the directory layout is designed that certain users get read access only to some folders, or no access at all. The rules are not complex, traditional POSIX file access permissions can handle the job.
I have reasons to avoid samba, hence the intention to try a kerberized NFSv4. No particular need for LDAP or NIS, and I would prefer to not have one, unless having one is a technical necessity. No Windows or Mac servers on the network (and we intend to keep it that way) so the use of an Active Directory or an OpenDirectory is not an option. Client computers are a mixture of FreeBSD, Linux, Windows and macOS/OSX/MacOS X.
I am in the design/preparation phase. I refreshed my knowledge with the current kerberos chapter of the FreeBSD Handbook, and also studied related pages on the web, of which I found Armin Moradi's walkthrough particularly useful.
There is one detail I am apparently missing though, and could use your pointer or clarification. Armin's guide excludes the creation of his user accounts and the setup of access permissions each have to the shared folders. So I do not yet see how one user will have RW access while another only R or nothing.
I can set this up nicely using the POSIX file permissions of the FreeBSD server (NFSv4 file share and KDC being the same host). But I do not see the connection between the user accounts of the FreeBSD host (to whom the POSIX file permissions happen to belong), and the user principals created in kadmin. Is there a never mentioned and invisible/automatic/obvious/default relationship between host user-accounts and kerberos user-principals with a matching name? E.g. a FreeBSD user named docbrown has a connection to docbrown@KERBEROS.REALM? Because that is the only way that could explain how POSIX permissions would affect the connected network users. If there is no such invisible link between host user accounts and kerberos user principals (which sounds more realistic for me), then where and how can I define which local user account's access permission applies to which kerberos user principal? Or, how else would I set POSIX file permissions to a file or folder on the host for bifftannen@KERBEROS.REALM if the host recognizes no such account? Unless some jiggery-pokery in PAM config makes the kerberos user principals known to the host OS. But no such thing is mentioned in the above two sources. Varying forms of which are, however, often mentioned when LDAP is introduced.
Do my logic and my questions make sense?
Am I on the right track with these? Or did I confuse things in a bad way?
So, what am I missing?