idmapd isn't required for kerberos

Author: ehough

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [2.1.1] - unreleased
+
+### Fixed
+* `idmapd` isn't required for Kerberos, so don't force the user to provide `idmapd.conf`
+
 ## [2.1.0] - 2019-10-31
 ### Added
 * Ability to automatically load kernel modules. ([#18](https://github.com/ehough/docker-nfs-server/issues/18)). Credit to [@andyneff](https://github.com/andyneff).

doc/feature/kerberos.md

@@ -6,8 +6,6 @@ You can enable Kerberos security for your NFS server with the following steps.
 1. set the server's hostname via the `--hostname` flag
 1. provide `/etc/krb5.keytab` which contains a principal of the form `nfs/<hostname>`, where `<hostname>` is the hostname you supplied in the previous step.
 1. provide [`/etc/krb5.conf`](https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html)
-1. provide [`/etc/idmapd.conf`](https://linux.die.net/man/5/idmapd.conf)
-1. provide `/etc/passwd` containing your NFS client users
 
 Here's an example:
 
@@ -18,8 +16,6 @@ Here's an example:
       --hostname my-nfs-server.com                        \
       -v /host/path/to/server.keytab:/etc/krb5.keytab:ro  \
       -v /host/path/to/server.krb5conf:/etc/krb5.conf:ro  \
-      -v /host/path/to/idmapd.conf:/etc/idmapd.conf:ro    \
-      -v /etc/passwd:/etc/passwd:ro                       \
       --cap-add SYS_ADMIN                                 \
       -p 2049:2049                                        \
       erichough/nfs-server

doc/feature/nfs4-user-id-mapping.md

@@ -1,12 +1,11 @@
 # NFSv4 User ID Mapping
 
-If you'd like to run [`idmapd`](http://man7.org/linux/man-pages/man8/idmapd.8.html) to map between NFSv4 IDs (e.g. `[email protected]`) and local users, simply provide [`idmapd.conf`](https://linux.die.net/man/5/idmapd.conf) and `/etc/passwd` to the container. This step is required for [Kerberos](kerberos.md).
+If you'd like to run [`idmapd`](http://man7.org/linux/man-pages/man8/idmapd.8.html) to map between NFSv4 IDs (e.g. `[email protected]`) and local users, simply provide [`idmapd.conf`](https://linux.die.net/man/5/idmapd.conf) to the container.
 
     docker run                                          \
       -v /host/path/to/exports.txt:/etc/exports:ro      \
       -v /host/files:/nfs                               \
       -v /host/path/to/idmapd.conf:/etc/idmapd.conf:ro  \
-      -v /etc/passwd:/etc/passwd:ro                     \
       --cap-add SYS_ADMIN                               \
       -p 2049:2049                                      \
       erichough/nfs-server

entrypoint.sh

@@ -5,7 +5,7 @@
 # https://hub.docker.com/r/erichough/nfs-server
 # https://github.com/ehough/docker-nfs-server
 #
-# Copyright (C) 2017-2018  Eric D. Hough
+# Copyright (C) 2017-2019  Eric D. Hough
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -461,7 +461,6 @@ init_assertions() {
   # perform Kerberos assertions
   if is_kerberos_enabled; then
 
-    assert_file_provided "$PATH_FILE_ETC_IDMAPD_CONF"
     assert_file_provided "$PATH_FILE_ETC_KRB5_KEYTAB"
     assert_file_provided "$PATH_FILE_ETC_KRB5_CONF"