NFS4 and remote access
William A. (Andy) Adamson
andros at citi.umich.edu
Wed Apr 18 09:01:18 EDT 2007
On 4/18/07, Ian Grant <Ian.Grant at cl.cam.ac.uk> wrote:
>
> Dear List,
>
> We are wondering how we can best allow remote ssh access to our users
> if their home directories are mounted using NFSV4 with kerberos
> authentication.
>
> We currently try hard not to expose user passwords to remote systems.
> So we only allow ssh access using one-time passwords or public keys.
>
> If we were to set up ssh so that users could connect using public keys,
> we would like them to be able to authenticate themselves to NFS without
> exposing their kerberos key. One idea is to have them use a one-time
> password to get credentials via a keytab, but securely managing the
> keytabs would be a problem.
>
> Does anyone have a better idea? I would be interested to hear.
you can set up kerberos ticket forwarding over ssh. this means that you
kinit on the local machine, and your kerberos tickets get forwarded over the
ssh connection to the NFSv4 server machine.
-->Andy
Ian
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linux-nfs.org/pipermail/nfsv4/attachments/20070418/f0dafb5f/attachment.htm
More information about the NFSv4
mailing list