yeah, I heard Bikash Roy Choudhury is cool!! :)
houdhury
On Nov 9, 2014, at 5:35 PM, Parisi, Justin Justin.Parisi@netapp.com wrote:
7mode allows you to get past the 16 GID limitation by extending GIDs out to 256.
cDOT will offer that parity in the upcoming release – but it will allow 1024.
As for Kerberos, NFSv4, etc… it is challenging to set up, but once you have a working infrastructure, implementing it is no problem.
TR-4073 covers this in detail.
http://www.netapp.com/us/media/tr-4073.pdf http://www.netapp.com/us/media/tr-4073.pdf
I hear the guy who wrote it is cool, too.
From: toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net] On Behalf Of Touretsky, Gregory Sent: Sunday, November 09, 2014 2:30 AM To: Michael Garrison; toasters@teaparty.net mailto:toasters@teaparty.net Subject: RE: "Sensitive data" storage needs
We’re piloting NFSv3 with Kerberos in our environment. Seehttp://snia.org/sites/default/files2/SPDEcon2013/presentations/Security/Greg... http://snia.org/sites/default/files2/SPDEcon2013/presentations/Security/Gregory_Touretsky_Implementing_Kerberos.pdf for some details. The main goal is to overcome 16 GIDs limitation. <> From: toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net] On Behalf Of Michael Garrison Sent: Friday, November 07, 2014 23:53 To: toasters@teaparty.net mailto:toasters@teaparty.net Subject: "Sensitive data" storage needs
We currently offer a NFS v3 service that people can purchase. It's relatively inexpensive and basic, but thats what folks like. They can access it from their desktop and then access the data on a cluster to do compute jobs. However, it doesn't meet the requirements of being able to store sensitive data - like ePHI.
I've been exploring the route of NFS v4 with Kerberos, but the Linux client leaves a lot to be desired. Additionally, folks are so used to how NFS v3 works that introducing Kerberos into the mix is challenging.
How are other groups (business, academic, whatever), addressing security, yet doing it in an inexpensive manner and allowing cross-platform access? Is anyone doing NFS v4 (or v3) with Kerberos today?
Thanks, Mike Garrison
Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters http://www.teaparty.net/mailman/listinfo/toasters