Kerberos and NFS V4 Configuration

Keagle, Chuck chuck.keagle at boeing.com
Thu Oct 12 13:24:07 EDT 2006


Here is one we would like to figure out how to resolve or work around.

	The KDC is running on AIX Major Release 3.

	Kerberos is used to access data on NFS V3 and NFS V4 file systems.

	Exported filesystems are also on AIX 3.

	AIX-specific Process Group Authentication maps NFS V4 encryption keys and Kerberos keys together.

	Other AIX systems allow access to NFS V3, NFS V4 unencrypted, and NFS V4 encrypted data.

In setting up RedHat RHEL WS 4.3 to access Kerberos controlled data
from the AIX KDC, NFS V3 and NFS V4 unencrypted mounts become
accessible.

When trying to mount over NFS V4 with encryption, the mount options are:

	rw,hard,intr,proto=tcp,port=xxxx,sec=krb5,noauto 0 0
	Note that the xxxx represents the correct port number.

When trying to mount a file system from the KDC on RHEL WS 3.4, the
following error appears:

	mount: block device hostname:/filesystem is write-protected, mounting read-only
	mount: cannot mount block device hostname:/filesystem read-only
	Note that hostname and filesystem represent other correct but sensitive information.

I'm wondering if this is stumbling over that AIX-specific Process
Authentication Group issue between Kerberos encryption and NFS V4
encryption.  Is there a way to overcome this?  Hopefully just on the
client.  If changes also have to be made on the KDC, it will be a tough
road.

Thanks.

----
Not all who wander are lost.

                          |     ----  ___o  |  chuck.keagle at boeing.com
Chuck Keagle              |  -------  \ <,  |  Work:  (425) 865-1488
Enterprise Servers:  HPC  |  ----- ( )/ ( ) |  Cell:  (425) 417-3434
http://card.web.boeing.com/Webcard.cfm?id=73990