Client authentication question
J. Bruce Fields
bfields at fieldses.org
Mon Dec 10 11:40:48 EST 2007
On Mon, Dec 10, 2007 at 03:52:22PM +0100, Lukas Hejtmanek wrote:
> when using Kerberos for authentication, the client must possess krb5.keytab to
> be able to mount NFS volume from the server with krb extensions. However, the
> krb5.keytab is bound with the client IP and hostname. In such a case, the
> client may not migrate to another network (where he gets another IP and
> invalidates krb5.keytab from the previous network). Is this a desired feature or
> something that should work (I mean the migration).
>
> Regarding the migration - I do not need live migration with mounted file
> system, I just want to be able to mount the share in any network from my home
> NFS server. Is there any solution for this if I want the Kerberos
> authentication?

I do krb5-authenticated mounts from my laptop all the time, and it works
just fine. It'll keep using the one keytab regardless of whatever IP it
has on the current network.
--b.