kerberized NFS
Yuri Pankov
yuri.pankov at gmail.com
Fri Jan 27 18:33:07 UTC 2012
On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote:
> I'm trying to setup a kerberized NFS system made of a server and a
> client (both freebsd 9 amd64 stable)
>
> I've tried to follow this howto:
> http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
>
> But couldn't get much out of it.
>
> First question : is this howto still valid or something more recent
> should be followed? I've searched with Google but I've come up empty.
>
> I've set up kerberos heimdal, created the dns entries for both
> client and server, set up krb5.keytab and copied it to client, set
> up nfs4 according to man nfsv4:
>
> (server)
> cat /etc/exports
> V4: /usr/src -sec=krb5:krb5i:krb5p
>
> and then tried to mount it from the client:
>
> mount_nfs -o ntfsv4,sec=krb5i,gssname=nfs
> nfsinternal1.dcssrl.it:/usr/src /usr/src
>
> but it failed with :
> [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied
>
> Can you point me to something that I might have got wrong?
Not really related to Kerberos question, but.. Some problems here:
- ntfsv4 - probably a typo
- more serious one - V4: line specifies the ROOT of NFSv4 exported FS
- nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src.
What you /etc/exports could look like (the way it works for me, doesn't
mean that it's correct though):
/usr/src <options> <v3hosts>
V4: / -sec=krb5:krb5i:krb5p <v4hosts>
Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20120127/2c274f51/attachment.pgp
More information about the freebsd-net
mailing list