Client authentication question
Kevin Coffman
kwc at citi.umich.edu
Mon Dec 10 11:16:14 EST 2007
On Dec 10, 2007 11:08 AM, Lukas Hejtmanek <xhejtman at ics.muni.cz> wrote:
> On Mon, Dec 10, 2007 at 11:05:11AM -0500, Kevin Coffman wrote:
> > What version of nfs-utils do you have? In nfs-utils-1.1.0, any
> > usable keytab entry will be used rather than insisting on matching the
> > hostname.
>
> I don't have krb5.keytab at all. I have nfs utils 1.1.1. Without krb5.keytab
> I got permission denied from the server. So, you are saying that I can have
> arbitrary krb5.keytab?
Without the "-n" option to rpc.gssd, you need a keytab. It can have
an entry for any "root/*", "nfs/*", or "host/*" principal.
With the "-n" option, root must manually authenticate (i.e. kinit as
some Kerberos principal) before doing the mount.
K.C.
More information about the NFSv4
mailing list