On Tue, May 25, 2010 at 4:37 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>
> On Tue, May 25, 2010 at 02:24:07PM +0100, David Greaves wrote:
> > FYI I've made an attempt to update this page:
> > http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos
> >
> > If someone could please take a look and correct any errors I've made that
> > would be nice.
> >
> > Some questions:
> > * should a client have an nfs/<fqdn> principal (it works without)
>
> I'm actually not sure what the latest client requires--I thought it
> still needed some kind of machine credential on the client.

Kerberos mounts can be done w/o a machine credential, but root (or the
user doing the mount) must obtain credentials somehow. To be workable,
I would think that a keytab of some kind is required (with a cron using
it to keep credentials fresh).

> > * Is the "allow_weak_crypto=true" part still correct?
>
> Yes, unless you're running the very latest (unreleased) upstream kernel
> and nfs-utils, which includes support for stronger crypto.
>
> --b.