How to set up NFS client for Kerberized access in Solaris

Alok Gore alokgore at rediffmail.com
Thu May 13 02:30:12 EDT 2004


I took the snoop traces and saw that the client was indeed asking for
the wrong ticket during mount (because of some goof-up in /etc/hosts).

I corrected that and now I am able to see the nfs service ticket after
I mount the remote path on the client machine.

Now the server has the ticket for the nfs service in the keytab file and
the client has obtained the nfs service ticket during the mount operation.

I am not able to cd to the mounted path even now!

I analysed the traces between the NFS client and the NFS server. After
getting the nfs service ticket, the client should try to establish a
context by making an RPC null proc call in the RPCSEC_GSS authentication
flavour. This is not happening.
It looks like the client has decided locally about the insufficient rights
(??).


>>- make des-cbc-crc the default encryption type for both client and server
>>  (in krb5.conf)

I tried doing this. Same result.

But I am not sure about one thing:
The RPCSEC_GSS implementation defines 390003 as the krb5 security
flavour and this uses the *DEC,MAC,MD5* triplet as the algorithm for
authentication, integrity and privacy.

But the des-cbc-md5 mode is not supported by the KDC (MIT KDC running
on a Linux machine). Could this be a reason for the failure?

Will moving to a Solaris KDC help?

Can I get any link to set up a Solaris KDC? (I installed the SEAM package
and followed the instructions in the installation to set up the Master
KDC, but the KDC start-up failed.)

>>kadmind[305](Error): Unknown code 2 while initializing, aborting
>>krb5kdc: Cannot find/read stored master key - while fetching master key K/M
>>for realm NFS-REALM

