How to set up NFS client for Kerberized access in Solaris
Alok Gore
alokgore at rediffmail.com
Thu May 6 06:22:04 EDT 2004
>I don't like realms that aren't upper case fully qualified domain
>names (fqdns). Your is upper case but not a fqdn. I can't say for
sure
>when I was leading the SEAM team at Sun that this was ever attempted.
>Wyllys might know if this works.
I'll try with the fqdn as the realm name.
spamisevi1 at yahoo.com (Mike Eisler) wrote in message
> The other thing is that you are showing the klist output on the
> NFS server. We need to klist output for the client.
> (nfs-alok.blr.novell.com).
> kinit'ing to root/<client name> on the NFS server is of no use.
Looks like there has been a misunderstanding. I gave the setting both
on client and server. I am having the keytab containing the
nfs-serverice's principal *both* on client and server (I know that
SEAM Docs do not mandate this keytab on the client machine, but there
is harm either). I have done kinit on server for root/server-hostname
and have done kinit on client for root/client-hostname.
(All those lines that start with #client are the commands executed on
the client machine and all those line starting with #server are
commands on server)
nfs-alok was the hostname for nfs server
and
dharma was the hostname for nfs client.
To summarise this, my settings are:
On Client :
1) Have keytab file containing *nfs-service* principal
2) I have done kinit for root/client-hostname.
On Server:
1) Have keytab file containing *nfs-service* principal
2) I have done kinit for root/server-hostname.
Regards.
-Alok.
More information about the Kerberos
mailing list