Kerberos to file server

Matt Piechota piechota at argolis.org
Wed Jul 30 18:27:49 PDT 2003


On Wed, 30 Jul 2003, Michael Collette wrote:

> From what I've read thus far it "seems" that configuring Kerberos
> between the two is the way to go about this.  The handbook talks about
> setting up a remote login kind of thing, but nothing about how to
> handle NFS permissions.  I also don't quite get how to automate the
> process of authenticating and mounting upon initial login.
>
> Question 1: Am I heading down the right road, or are there other options
> I should be considering first?

What you're doing should work just fine.  I can't see any difference
between a netbooted client and a regular PC client.

> Question 2: If I'm on the correct path where should I look for some kind
> of a tutorial for the mechanics of getting this to happen?

NFS doesn't really /do/ permissions, so the easiest (and probably least
safe) is to export as400:/home to all the clients, and make it
root-writable to the FreeBSD master server.  All the clients would
individually mount the NFS share from as400 on boot, and since the FreeBSD
box has root-write, you can manage the files from it. The as400 wouldn't
even need to know about the users at all (unless as400's nfs has rules
about uids having to match something in its own password file, which
isn't standard).

A safer way would be to use AFS, since it does proper authentication, but
I have no idea if as400 would make a nice AFS server.

And this isn't strictly speaking a freebsd-security@ question, for that
matter.  Reply to me directly if you have questions.

-- 
Matt Piechota

