Problem in access NFSv4 space as the root user when using krb5 security flavor
Kevin Coffman
kwc at citi.umich.edu
Tue Oct 16 09:35:23 EDT 2007
On 10/16/07, Ido Levy <IDOL at il.ibm.com> wrote:
>
> Hello All,
>
> We are trying to understand the behavior of a system that support automount
> by NFSv4 with security flavor krb5.
> We have both Linux and AIX clients and when logging to these clients as the
> root user we have noticed that:
>
> 1) From the Linux client as the "root" user we are able to access (cd,
> ls, df ) NFSv4 mount point without any kerberos ticket.
> 2) From the AIX client as the "root" user without any kerberos ticket we
> got "permission denied" error when trying to cd to the mount point and its
> sub-dirs.
>
> We are using AIX-5.3 as NFSv4 server and RHEL 5/AIX-5.3 as NFSv4 clients.
> We are wondering what should be the normal behavior of such scenario.
>
> We would appreciate your advice
This is more an NFS question than a Kerberos question. The reason
that access works on Linux is that the current default behavior on
Linux is to always use the machine credentials (the nfs/<hostname>
keytab) on the client for accesses from root. This behavior can be
disabled, which then requires that root obtain Kerberos credentials
before mounting.
K.C.
More information about the Kerberos
mailing list