Hi Ralph, Op 15-01-15 om 00:12 schreef Ralph Zack: > Hi all, > > I have a number of NFSv4 shares which should only be accessible after > successful authentication, for which reason they are exported with > sec=krb5p. However, this method requires the user to obtain a kerberos > ticket to access files on the share, which is fine for regular users but > causes issues for daemons which are not kerberos-aware. > > What is the common way to handle this problem? It can hardly be the only > solution to patch each service to obtain a ticket at startup. Please > correct me if I'm wrong, but I could not find any mechanism besides > kerberos that provides encryption and authentication for NFS shares. I'd > be fine with authentication on a host level, I mainly want to ensure > that only trusted machines can accesses these shares and that all > traffic is encrypted. Without the overhead of establishing a VPN > connection between client and server, in case anyone was going to > suggest that ;) I've once seen that something like this makes a ticket: su -c "echo password | kinit user" user But never used it in reality. Maybe you can ask this question better in the Kerberos mailinglist. I think this is not a good solution... With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/ -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
