Re: Kerberos TGT and NFS

To: debian-edu@lists.debian.org
Subject: Re: Kerberos TGT and NFS
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Sat, 4 Feb 2012 10:30:14 +0100
Message-id: <[🔎] 20120204093014.GC5149@fuzi>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <[🔎] 20120204091722.GD2861@ticino.com>
References: <[🔎] 20120204091722.GD2861@ticino.com>

Hi Giorgio,

On Sat, Feb 04, 2012 at 10:17:23AM +0100, Giorgio Pioda wrote:

> I got Ubuntu running, nice. But IMHO it shouldn't. I don't understand
> the black magic I've produced by myself, about the nfs/client kerberos
> granting.
> 
> I didn't copy nor generate any krb5.keytab for the nfs/client and
> although this fact nfs works.
> 
> How is the TGT nfs working? Is the keytab stored i ldap? In this latter case
> I fear that a MAC spoof would lead to unattended mounting of clients that are
> not aknowledged.
> 
> Do you have an explanation, a reference link?
> 

Skolelinux doesn't use kerberized NFSv4 yet.  There is no mechanism
available to create and copy the keytabs.  Perhaps this can be done
with a GOsa hook, however then the client needs to be available to scp
the keytab ...

However, you might be able to switch kerberization on by doing the
above manually and remove the sec=sys part in /etc/exports of the
mainserver. 

Regards,

	Andi

Reply to:

References:
- Kerberos TGT and NFS
  - From: Giorgio Pioda <gfwp@ticino.com>

Prev by Date: Kerberos TGT and NFS
Next by Date: Re: NFS options
Previous by thread: Kerberos TGT and NFS
Next by thread: Third Debian Edu Squeeze based Beta Release, 6.0.4 edu beta3
Index(es):
- Date
- Thread