How to set up NFS client for Kerberized access in Solaris

Wyllys Ingersoll wyllys.ingersoll at sun.com
Tue May 4 15:46:12 EDT 2004


Alok Gore wrote:

> I was looking at a thread which is abt using kerberos 4 for NFS client
>
>server communication on Solaris.
>(Reffer To: http://groups.google.com/groups?selm=rns.812460270%40deakin.edu.au&oe=UTF-8&output=gplain)
>I know that this discussion does not fully apply to me because I am
>using krb5 and RPCSEC_GSS mechanisms, but some things may be similar.
>
>Mainly I was able to see these *cookbook* tips for setting it up
>  
>

These are mostly all wrong.  Ignore them.

>
> * must run "kerbd" process on both NFS client and NFS server
> * must be running a Kerberos *V4* server
> * export the filesystem with kerberos authentication enabled:
> * obtain "root.client" ticket-granting ticket on the client:
>	client# kinit root.client
> * mount the filesystem on the client, with the kerberos option:
>         client# mount -o rw,kerberos server:/export/xxx /mnt
>
>  
>

That information is *VERY* old and out of date.  SEAM does not
support any Kerberos 4 operation.  Check out the SEAM documentation
at http://docs.sun.com (search for SEAM and look in the Solaris 8
administration guide since you seem to be using Solaris 8).

>The above mount command will obtain an "nfs.server" service ticket
>from the kerberos server.  You can very this with "klist".
>
>I am worried abt two things: 
>1) I don't have anything like the "kerbd" that is mentioned here.
>  
>

Thats because kerbd is an old Kerberos V4 daemon that is not supported
in Solaris or SEAM.  You are getting confused because the docs you
referenced are not accurate and do not describe configuring
Solaris 8 SEAM.

>2) I am not getting the nfs/server-hostname ticket after doing a
>mount.
>  
>
>Can you help ?
>
>  
>
Read the documentation on our web site.  You will find detailed, 
step-by-step
instructions for configuring Kerberized NFS.

-Wyllys



More information about the Kerberos mailing list