How to set up NFS client for Kerberized access in Solaris

Alok Gore alokgore at rediffmail.com
Mon May 3 04:45:39 EDT 2004


Hi Group,

 This is Alok Gore from Bangalore India.
I was trying to set up Kerberized NFS client-server environment in my
LAN.
I am using Solaris 8 machines as NFS client/server and Linux machine
as the KDC (MIT KDC).

I installed the SEAM packages needed for the Kerberized NFS Setup on
the machine.
I am able to export a path from NFS Server with Krb5 Security mode.

#share
-               /alok/1   rw   ""
-               /alok/2   sec=krb5   ""


I am able to mount this path from the Client machine with Krb5
Security mode.

#mount -o sec=krb5 nfs-alok:/alok/2 /nfs
#mount 
/nfs on nfs-alok:/alok/2 remote/read/write/setuid/sec=krb5/dev=2e40006
on Mon May  3 09:02:27 2004


But I can't access/list the mounted directory. It says permission
denied.

#ls /nfs
/nfs: Permission denied

I have the nfs.server-hostname at REALM-NAME principal for the nfs server
in KDC and I have the keytab file containing this principal on the
server. The KDC also has a principal root.client-hostname at REALM-NAME
for client. Am I missing something ?

I am not seeing any traffic on the wire when I get this permission
denied message. (May be the client decides locally that it does not
have enough rights to authenticate itself to NFS Server)

Is it because I am using MIT KDC ?? 

Thanks in advance,
 -Alok Gore.


More information about the Kerberos mailing list