Kerberos and NFS V4 Configuration
kwc at citi.umich.edu
Thu Oct 12 13:39:08 EDT 2006
This is probably best discussed on nfsv4 at linux-nfs.org.
Enabling verbose output from rpcgssd (-vvv) on the Linux client might
give a hint to the problem.
On 10/12/06, Keagle, Chuck <chuck.keagle at boeing.com> wrote:
> Here is one we would like to figure out how to resolve or work around.
> The KDC is running on AIX Major Release 3.
> Kerberos is used to access data on NFS V3 and NFS v4 file
> Exported filesystems are also on AIX 3.
> AIX specific Process Group Authentication maps NFS V4 encryption
> keys and Kerberos keys together.
> Other AIX systems allow access to NFS V3, NFS V4 unencrypted,
> and NFS V4 encrypted data.
> In setting up RedHat RHEL WS 4.3 to access Kerberos controlled data
> from the AIX KDC, NFS V3 and NFS V4 unencrypted mounts become
> When trying to mount over NFS V4 with encryption, the mount options are:
> rw,hard,intr,proto=tcp,port=xxxx,sec=krb5,noauto 0 0
> Note that the xxxx represents the correct port number.
> When trying to mount a file system from the KDC on RHEL WS 3.4, the
> following error appears:
> mount: block device hostname:/filesystem is write-protected,
> mounting read-only
> mount: cannot mount block device hostname:/filesystem read-only
> Note that hostname and filesystem represent other correct but
> sensitive information.
> I'm wondering if this is stumbling over that AIX specific Process
> Authentication Group issue between Kerberos encryption and NFS V4
> encryption. Is there a way to overcome this? Hopefully just on the
> client. If changes have to also be made on KDC, it will be a tough
> Not all who wander are lost.
> | ---- ___o | chuck.keagle at boeing.com
> Chuck Keagle | ------- \ <, | Work: (425) 865-1488
> Enterprise Servers: HPC | ----- ( )/ ( ) | Cell: (425) 417-3434