NFSv4 Kerberized

To: debian-edu@lists.debian.org
Subject: NFSv4 Kerberized
From: Giorgio Pioda <gfwp@ticino.com>
Date: Sun, 5 Feb 2012 11:37:48 +0100
Message-id: <[🔎] 20120205103748.GA4772@ticino.com>

Hi,

On my Ubuntu workstation client I've been able to kerberize NFSv4 mounts.

Basically It is needed to create princ and keytab for nfs/yourclient.intern.
The princ for the nfs server is already existent as nfs/tjener.intern, but adding
the keytab is needed. Keytab can go to default krb5.keytab, since  nfs
runs as root. No need to add kerberos autentication of the autofs service,
like stated somewhere in internet (autofsclient principal and keytab).

Important is the "ktadd -e des" options for all nfs/xxx.intern since nfsv4
works only with des, and the allow_weak_crypto = true in krb5.conf.

Then modify ldap options "automountInformation: -fstype=nfs4,sec=krb5,rw tjener.intern:/&"

The rest is rebooting two or three times (no idea why, both tjener
and client), and checking the mount options with "mount" command.

At this stage I guess that it is possible to remove the sys option
in/etc/exports on tjener. ( Not tried yet, for sake of compatibility
with other client images).

Regards

Giorgio

P.S: Next would be to use authentication without TGT and avoiding
the keytab for client and server.

-- 
Sysadmin SPSE-Tenero
Ufficio:   +41 91 735 62 48 
Cellulare: +41 79 629 20 63

Reply to:

Prev by Date: KTA PERMATA hingga 7X limit CC
Next by Date: debian-edu-config_1.450~svn76017_i386.changes ACCEPTED
Previous by thread: KTA PERMATA hingga 7X limit CC
Next by thread: debian-edu-config_1.450~svn76017_i386.changes ACCEPTED
Index(es):
- Date
- Thread