NFSv4 + Kerberos + users
Jan Sanders
jsanders at TechFak.Uni-Bielefeld.DE
Tue Dec 4 07:51:43 EST 2007
Hello,
I have tried to use the -n option of rpc.gssd.
I use Debian/lenny, which comes shipped with nfs-utils 1.1.
I started rpc.gssd manually using
rpc.gssd -vvvv -rrrr -n
The manpage says about the rpc.gssd -n option:
"By default, rpc.gssd treats accesses by the user with UID 0 specially,
and uses "machine credentials" for all accesses by that user which
require Kerberos authentication. With the -n option, "machine
credentials" will not be used for accesses by UID 0. Instead,
credentials must be obtained manually like all other users. Use of this
option means that "root" must manually obtain Kerberos credentials
before attempting to mount an nfs filesystem requiring Kerberos
authentication."
I have done so. As root I used
kinit -p joeuser/nfstestuser@TECHFAK.UNI-BIELEFELD.DE
klist output:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: joeuser/nfstestuser@TECHFAK.UNI-BIELEFELD.DE
When I now try to mount a dir using nfs4 -o sec=krb5, I can see by
observing the packets that
nfs/nfs2.nette.techfak.uni-bielefeld.de@TECHFAK.UNI-BIELEFELD.DE is
used. /var/log/syslog is consistent with this observation.
When I move the /etc/krb5.keytab away I get a permission denied.
Am I missing something? How can I get rpc.gssd to actually use other
than machine credentials? How can I specify which to use?
TIA
Jan Sanders