8 Krypton

Who am I?

Jump to solution

Who am I? - (from an Isilon multiprotocol perspective)

Tags (2)
1 Solution

Accepted Solutions
8 Krypton

Re: Who am I?

Jump to solution
When working with permissions, one of the key things a NAS device has to do is determine who is asking for data.  Isilon uses a user mapping service to combine a user's identities from different directory services into a single access "token" to determine access and permissions. 

When a user logs in to an Isilon cluster, this service expands the user identity to include all Active Directory, LDAP and NIS information.  A token includes UNIX user identifier (UID), a UNIX group identifier (GID), a Windows Security Identifier (SID) and a Windows primary group Security Identifier. 


The Token can also contain privileges that allow a user or group permission to do something on the Cluster.


The command:


isi auth mapping token --user=domain\user 


will give you the complete access token of a user that lists every identity that Isilon knows about.

0 Kudos
1 Reply
8 Krypton

Re: Who am I?

Jump to solution
When working with permissions, one of the key things a NAS device has to do is determine who is asking for data.  Isilon uses a user mapping service to combine a user's identities from different directory services into a single access "token" to determine access and permissions. 

When a user logs in to an Isilon cluster, this service expands the user identity to include all Active Directory, LDAP and NIS information.  A token includes UNIX user identifier (UID), a UNIX group identifier (GID), a Windows Security Identifier (SID) and a Windows primary group Security Identifier. 


The Token can also contain privileges that allow a user or group permission to do something on the Cluster.


The command:


isi auth mapping token --user=domain\user 


will give you the complete access token of a user that lists every identity that Isilon knows about.

0 Kudos