cookbook for setting up kerberos auth'd NFS?

[Robert Sturrock]

jg...@oes.amdahl.com (John G. Thompson) writes:

>Is there a cookbook document for setting up a kerberos authenticated NFS
>mount?

Not sure .. but there is a reasonable section in the answerbook about
it. The steps are spelled out in there. I don't have access to the
Answerbook right now, so I'm relying on memory, but it goes something
like:

* must run "kerbd" process on both NFS client and NFS server
* must be running a Kerberos *V4* server
* export the filesystem with kerberos authentication enabled:

server# share -F nfs -o rw,kerberos /export/xxx

* obtain "root.client" ticket-granting ticket on the client:

client# kinit root.client

* mount the filesystem on the client, with the kerberos option:

client# mount -o rw,kerberos server:/export/xxx /mnt

The above mount command will obtain an "nfs.server" service ticket
from the kerberos server. You can very this with "klist".

Therefore, your kerberos server needs to have a couple of principals:

root.client which you have the passwd for
nfs.server which appears in the server's /etc/srvtab
file (generated with ext_srvtab).

As already noted, "kerbd" needs to be running on both client and
server. "kerbd -d" is quite useful for debugging.

--
Robert Sturrock <r...@deakin.edu.au>
Deakin University +61 52 27 2108