How to set up NFS client for Kerberized access in Solaris
Rick Macklem
rmacklem at uoguelph.ca
Tue May 4 12:34:56 EDT 2004
alokgore at rediffmail.com (Alok Gore) wrote in message news:<a9877ca0.0405040030.5b665945 at posting.google.com>...
> Thanks a lot for the response! :)
>
> You asked:
> >Are you using nfs.server-hostname at REALM-NAME or
> nfs/server-hostname at REALM-NAME?
> >The latter is known to work. Ditto root.client-hostname at REALM-NAME
> versus
> >root/client-hostname at REALM-NAME.
>
> I am using nfs/server-hostname at REALM-NAME and
> root/client-hostname at REALM-NAME
> I have the keytab file containing the pricipal
> nfs/server-hostname at REALM-NAME copied on to the server and I have done
> kinit on the client. I can see the
> root/client-hostname at REALM-NAME principal when I do a klist on the
> client.
>
> But I have a confusion! By looking at the principals you can not
> distinguish between the pricipal for a service and a principal for a
> user. Does it matter ?
>
Solaris seems to do the Principal for root as a separate case.
ie: root/client-hostname.dns.domain at REALM
instead of
root at REALM
But, it sounds like you have things set up ok. One other thing is that, I
believe, root will still be mapped to nobody, so it may just be that "nobody"
doesn't have access to the mount point. You might try opening up the
permissions on the mount point on the server or mapping root->root and see
if that helps. (Or try a user other than root on the client.)
Good luck with it, rick
More information about the Kerberos
mailing list