How to set up NFS client for Kerberized access in Solaris

Wyllys Ingersoll wyllys.ingersoll at sun.com
Thu May 6 15:13:41 EDT 2004


Alok Gore wrote:

>
>
>Yes! In fact, that was the first source of my information.
>I have done everthing including the set-up of gsscred table
>only two things are not clear to me in the doc.
>1) My KDC and the NFS Client server are not time-synchronized. But I
>have set the time manually on those machines which is almost matching.
>   But if that *can* create problems like this, I will do a set-up for
>running NTP  on those machines. Should I ?
>  
>
As long as they are within 5 minutes of each other you should be fine.

>2) Somewhere in the SEAM configuration Doc they say: Two KDCs are must
>for SEAM to work,
>  
>

I think you are misunderstanding or the doc is wrong.

You only need 1 KDC and 1 admin_server setting, its good to have 2
in a production environment "just in case", its not a requirement, though.

>    Even in my kerberos set-up (during installation) I was forced to
>enter two KDC host names (I have kept both same)
>        [realms]
>        NFS-REALM = {
>                kdc = nfstest5.blr.novell.com
>                kdc = nfstest5.blr.novell.com
>                admin_server = nfstest5.blr.novell.com
>        }
>   Does it matter ?
>  
>

No.

-Wyllys



More information about the Kerberos mailing list