NFS V4 & Kerberos V5 - Kerberized NFS
Kevin Coffman
kwc at citi.umich.edu
Thu Jul 26 10:57:57 EDT 2007
On 7/26/07, Ido Levy <IDOL at il.ibm.com> wrote:
>
> Hello All,
>
> I am trying to better understand what does it means kerberized NFS and how
> it should behave when a user login to a system that supports it.
> I am using NFS V4 and Kerberos V5, when issuing the mount command from the
> client side I am using sec=krb5.
>
> I have experienced the following scenarios and would like to know if it's a
> proper system behavior.
>
> Scenario 1
>
> A user that has a kerberos principal perform a login to a machine and get a
> ticket ( klist shows both nfs and user tickets ).
> When issue df the user can see the NFS mount point and can also cd, ls and
> write files to the space he owns in the NFS mount.
>
> Then ( at this point I am not sure things go right ) the user issue
> kdestroy and still can execute all this actions ( cd, ls, write ... ).
>
> Scenario 2
>
> A user that doesn't have a kerberos principal login to a machine using
> local authentication and of course don't get a kerberos ticket.
> When issue df it shows permission denied in the line describing the NFS
> mount.
>
> I would appreciate your advice, I assume scenario 2 described a proper
> system behavior but I am not sure regarding scenario 1.
Yes, these are both normal system behavior. See question 6 here:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#kerberos
K.C.
More information about the NFSv4
mailing list