How to set up NFS client for Kerberized access in Solaris

Alok Gore alokgore at rediffmail.com
Thu May 6 06:22:04 EDT 2004


>I don't like realms that aren't upper case fully qualified domain
>names (fqdns). Your is upper case but not a fqdn. I can't say for
sure
>when I was leading the SEAM team at Sun that this was ever attempted.
>Wyllys might know if this works.

I'll try with the fqdn as the realm name.

spamisevi1 at yahoo.com (Mike Eisler) wrote in message 
> The other thing is that you are showing the klist output on the
> NFS server. We need to klist output for the client.
> (nfs-alok.blr.novell.com).
> kinit'ing to root/<client name> on the NFS server is of no use.

Looks like there has been a misunderstanding. I gave the setting both
on client and server. I am having the keytab containing the
nfs-serverice's principal *both* on client and server (I know that
SEAM Docs do not mandate this keytab on the client machine, but there
is harm either). I have done kinit on server for root/server-hostname
and have done kinit on client for root/client-hostname.

(All those lines that start with #client are the commands executed on
the client machine and all those line starting with #server are
commands on server)

nfs-alok was the hostname for nfs server
and 
dharma was the hostname for nfs client.

To summarise this, my settings are:
  On Client :
              1) Have keytab file containing *nfs-service* principal
              2) I have done kinit for root/client-hostname.

  On Server:
              1)  Have keytab file containing *nfs-service* principal
              2)  I have done kinit for root/server-hostname.


Regards.
 -Alok.


More information about the Kerberos mailing list