Kerberos to file server
Michael Collette
metrol at metrol.net
Mon Aug 4 16:30:26 PDT 2003
On Wednesday 30 July 2003 03:53 pm, Michael Collette wrote:
> I've got this AS/400 with gobs of unused file storage on it that I want to
> share across as a file server to a FreeBSD box. The AS/400 side of things
> supports NFS and kinda pretends to be a Unix-like machine in this role.
Since I've received a number of off-list replies to this I thought I'd post
some additional information about what all I've dug up. Still not working
yet, but getting a little smarter about this. Sorry if folks think this
is off-topic, but as this involves both authentication and authorization to a
foreign system I still believe this is applicable.
As was pointed out to me on and off list, I can connect to the shared NFS
files on the AS/400 without Kerberos. The next obvious problem (obvious to
me now) is the issue of file ownership. Just getting a connection across
doesn't provide any user id mapping by itself.
This is where IBM's EIM (Enterprise Identity Manager) kicks in. It provides
for a user name translation table so a user on one system is a user on all.
In order to make use of EIM a Kerberos based authentication needs to take
place. Apparently once this happens, FreeBSD users become AS/400 users in so
far as file ownership goes.
For those who may be interested:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzalv/rzalvmst.htm
That's all of what I've managed to dig up thus far. Here's where I'm lost.
The FreeBSD Handbook has a Kerberos tutorial, but it's apparently out of date
or something just ain't right.
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kerberos.html
First thing it asks me to do is initialize the Kerberos database with the
"kdb_init" command. I don't have a kdb_init command on this system. I then
just installed the krb5 port, and it doesn't have that command either.
Double checked the package list.
It looks like a number of things don't match up to the tutorial. Is there
some new procedure out there to configure a Kerberos enabled machine, or am I
just missing some key component in a perfectly fine tutorial?
Thanks,
--
"In theory, there is no difference between theory and practice.
In practice, there is."
- Yogi Berra
More information about the freebsd-security
mailing list