On 04/02/12 21:50, Liam Gretton wrote:
I have a related question, and like the OP I was reluctant to ask here
as it's not a dev question, but I can't find any other suitable forum.
Has ANYBODY got kerberised NFS working where the KDC is Active
Directory on a Windows 2008 R2 system? With 2008 R2, DES encryption
for Kerberos is no longer enabled.
Our AD admins are understandably not keen to go against the
recommended behaviour and enable DES just for this service (it needs
to be enabled globally across the domain).
I can't find any documentation about Kerberised NFS that looks more
recent than about 2006. That coupled with what I can see in the
sources suggest that there's little development in this area, so I
suspect the answer is that nobody has managed what I'm trying to do.
Hi Liam
I am the OP. We really do need some down to earth and up to date info on
NFS4. More to the point, it needs to be all in one place, rather than
having snippets all around the Internet. I'm not a tecchie but maybe I
could put together a readable howto if there was enough demand.
We have kerberized nfs4 working against Samba 4. There seem to be
different flavours of des. The Samba 4 Kerberos produced these server
keys for our test domain:
1 nfs/hh3.hh3.site@xxxxxxxx (des-cbc-crc)
1 nfs/hh3.hh3.site@xxxxxxxx (des-cbc-md5)
1 nfs/hh3.hh3.site@xxxxxxxx (arcfour-hmac)
We put together a howto which includes the nfs4 stuff here:
http://linuxcostablanca.blogspot.com/p/samba-4.html
HTH a little
Cheers,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
