NFS (Network File System) protocol

NFS stands for Network File System protocol.

This page will serve as an entry point for all things NFS within CSCF.

Mounting NFS Filesystems using Kerberos Security

A preliminary examination of http://nfsworld.blogspot.com/2005/06/using-active-directory-as-your-kdc-for.html would seem to be advisable.

This section is incomplete and assumes you have the general notes AD interaction with UNIX.

Questions include whether the NFS server still has to have general host permissions setup, i.e., based only on IP addresses?

  • Run apt-get install nfs-common.
  • Edit /etc/default/nfs-common and set both NEED_IDMAPD and NEED_GSSD to yes.
  • Create an account in AD representing the nfs service principal and generate a keytab file.
  • Merge the keytab file with /etc/krb5.keytab:
      # ktutil
      ktutil: rkt /location/of/nfs-keytab
      ktutil: l
      slot KVNO Principal
      ---- ---- ---------------------------------------------------------------------
         1    2 nfs/krbtux.student.cs.uwaterloo.ca@STUDENT.CS.UWATERLOO.CA
      ktutil: wkt /etc/krb5.keytab
      ktutul: quit
      # ktutil
      ktutil: rkt /etc/krb5.keytab
      ktutil: l
      slot KVNO Principal
      ---- ---- ---------------------------------------------------------------------
         1    2 host/krbtux.student.cs.uwaterloo.ca@STUDENT.CS.UWATERLOO.CA
         2    2 nfs/krbtux.student.cs.uwaterloo.ca@STUDENT.CS.UWATERLOO.CA
      ktutil: quit

  • Mount a file system with something like mount -t nfs -o sec=krb5 fileserver:/path /path

External Links

-- WalterTautz - 10 Jun 2008

Topic revision: r3 - 2008-06-13 - WalterTautz
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback