>Is there a cookbook document for setting up a kerberos authenticated NFS
>mount?
Not sure .. but there is a reasonable section in the answerbook about
it. The steps are spelled out in there. I don't have access to the
Answerbook right now, so I'm relying on memory, but it goes something
like:
* must run "kerbd" process on both NFS client and NFS server
* must be running a Kerberos *V4* server
* export the filesystem with kerberos authentication enabled:
server# share -F nfs -o rw,kerberos /export/xxx
* obtain "root.client" ticket-granting ticket on the client:
client# kinit root.client
* mount the filesystem on the client, with the kerberos option:
client# mount -o rw,kerberos server:/export/xxx /mnt
The above mount command will obtain an "nfs.server" service ticket
from the kerberos server. You can very this with "klist".
Therefore, your kerberos server needs to have a couple of principals:
root.client which you have the passwd for
nfs.server which appears in the server's /etc/srvtab
file (generated with ext_srvtab).
As already noted, "kerbd" needs to be running on both client and
server. "kerbd -d" is quite useful for debugging.
--
Robert Sturrock <r...@deakin.edu.au>
Deakin University +61 52 27 2108