On Thursday, January 15, 2015 12:12:01 AM Ralph Zack wrote:
> I have a number of NFSv4 shares which should only be accessible after
> successful authentication, for which reason they are exported with
> sec=krb5p. However, this method requires the user to obtain a kerberos
> ticket to access files on the share, which is fine for regular users but
> causes issues for daemons which are not kerberos-aware.
>
> What is the common way to handle this problem? It can hardly be the only
> solution to patch each service to obtain a ticket at startup. Please
> correct me if I'm wrong, but I could not find any mechanism besides
> kerberos that provides encryption and authentication for NFS shares. I'd
> be fine with authentication on a host level, I mainly want to ensure
> that only trusted machines can access these shares and that all
> traffic is encrypted. Without the overhead of establishing a VPN
> connection between client and server, in case anyone was going to
> suggest that

I use GSS-Proxy for this: https://fedorahosted.org/gss-proxy/

-A

--
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E