RedHat Enterprise 4 (workstation) & Kerberized NFS
Steve Dickson
SteveD at redhat.com
Fri Jul 27 11:15:44 EDT 2007
Roy S. Nielsen wrote:
>>> Hello Jeff -
>>>
>>> Ahh. K5p & RHEL4 is required. No choice. Do you suggest I start
>>> backporting?
>>>
>>> Thanks,
>>> -Roy
>>>
>> Actually, I'd suggest RHEL5 for all of this. krb5p is present and
>> working there already. Unless you have specific need for RHEL4, you
>> should really be working with RHEL5.
>
> Hello Jeff - I would love to use RHEL5, but we have an overwhelming
> Business Requirement/Need for RHEL4 with K5p & RHEL4 - not my call to make
> unfortunately.
OK... So I would suggest you start from the top down... Get the
latest and greatest libs and daemon from CITI (or use the
nfs-utils in Fedora 7) since they have the best debugging plus
that will give you the mounting bits needed...
The RHEL5 nfs-utils would also work since that also has
the better debugging...
Then start with this git commit:

commit 14ae162c24d985593d5b19437d7f3d8fd0062b59
Author: J. Bruce Fields <bfields at fieldses.org>
Date:   Thu Oct 13 16:55:13 2005 -0400

    RPCSEC_GSS: Add support for privacy to krb5 rpcsec_gss mechanism.

    Add support for privacy to the krb5 rpcsec_gss mechanism.

    Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
    Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>

It also might be a good idea to do a diff of the RHEL4 and RHEL5
kernels (or CENTOS if need be) and look for all the diffs,
particularly in the net/sunrpc and net/sunrpc/auth_gss directories,
since there have been a number of improvements to the upcall
mechanisms....
>
> Let me make sure I understand the different levels of encryption:
>
> Summarized from Netapp's 3481 document
>
> k5 = kerberized authentication (required)
>
> k5i = Provides a cryptographic checksum of the data portion of each
> request and the response message to each request.
>
> k5p = Encrypts the contents of packets bi-directionally, including
> procedure arguments and user data, using a shared session key established
> by the client from the NetApp storage system.
This is correct...
Good luck... and may the force be with you!! :)
steved.
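
An added example, not part of the original post or of any project's code: a small Python check that reads the RPCSEC_GSS credential in an ONC RPC call header and reports which of the three levels summarized above (krb5, krb5i, krb5p) the request uses, so a capture from a backported client can be checked for privacy. The flavor and service numbers follow RFC 2203; the function names and the sample messages are constructed for illustration.

```python
import struct

RPCSEC_GSS = 6  # RPC auth flavor number for RPCSEC_GSS (RFC 2203)
# rpc_gss_service_t values mapped to the level names used in the thread
SERVICES = {1: "krb5", 2: "krb5i", 3: "krb5p"}

def gss_service(call: bytes) -> str:
    """Classify one ONC RPC call message (record marker already stripped)."""
    if len(call) < 32:
        raise ValueError("truncated RPC call header")
    # xid, msg_type, rpcvers, prog, vers, proc, cred flavor, cred length
    _xid, mtype, rpcvers, _prog, _vers, _proc, flavor, cred_len = \
        struct.unpack(">8I", call[:32])
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    if flavor != RPCSEC_GSS:
        return "not-gss"            # e.g. AUTH_SYS: no Kerberos protection
    cred = call[32:32 + cred_len]
    if len(cred) != cred_len or cred_len < 20:
        raise ValueError("truncated RPCSEC_GSS credential")
    # version, gss_proc, seq_num, service, handle length
    gss_vers, gss_proc, _seq, service, _hlen = struct.unpack(">5I", cred[:20])
    if gss_vers != 1:
        raise ValueError("unknown RPCSEC_GSS version")
    if gss_proc != 0:
        return "gss-control"        # context setup/teardown, not a data request
    return SERVICES.get(service, "unknown")

def build_call(service, flavor=RPCSEC_GSS, gss_proc=0):
    """Constructed sample message: NFS program 100003, version 4, procedure 1."""
    handle = b"\x01\x02\x03\x04"    # constructed context handle
    cred = struct.pack(">5I", 1, gss_proc, 7, service, len(handle)) + handle
    return struct.pack(">8I", 0x1234, 0, 2, 100003, 4, 1, flavor, len(cred)) + cred

def below_privacy(calls):
    """Indexes of data requests that were not sent with krb5p."""
    ok = ("krb5p", "gss-control")
    return [i for i, c in enumerate(calls) if gss_service(c) not in ok]

if __name__ == "__main__":
    sample = [build_call(3), build_call(2), build_call(3, flavor=1)]
    for i, msg in enumerate(sample):
        print(i, gss_service(msg))
    print("not krb5p:", below_privacy(sample))
```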