NFS4 and remote access
Kevin Coffman
kwc at citi.umich.edu
Wed Apr 18 09:07:32 EDT 2007
On 4/18/07, Ian Grant <Ian.Grant at cl.cam.ac.uk> wrote:
> Dear List,
>
> We are wondering how we can best allow remote ssh access to our users
> if their home directories are mounted using NFSV4 with kerberos
> authentication.
>
> We currently try hard not to expose user passwords to remote systems.
> So we only allow ssh access using one-time passwords or public keys.
>
> If we were to set up ssh so that users could connect using public keys,
> we would like them to be able to authenticate themselves to NFS without
> exposing their kerberos key. One idea is to have them use a one-time
> password to get credentials via a keytab, but securely managing the
> keytabs would be a problem.
>
> Does anyone have a better idea? I would be interested to hear.
>
> Ian
Have you considered using Kerberos authentication for ssh and
forwarding Kerberos credentials? (Assuming this is possible given the
environment where the users are coming in from.)
K.C.
More information about the NFSv4
mailing list