Problem in access NFSv4 space as the root user when using krb5 security flavor

Kevin Coffman kwc at
Tue Oct 16 09:35:23 EDT 2007

On 10/16/07, Ido Levy <IDOL at> wrote:
> Hello All,
> We are trying to understand the behavior of a system that support automount
> by NFSv4 with security flavor krb5.
> We have both Linux and AIX clients and when logging to these clients as the
> root user we have noticed that:
> 1) From the Linux client  as the "root" user  we are able to access (cd,
> ls, df )  NFSv4 mount point without any kerberos ticket.
> 2) From the AIX client as the "root" user without any kerberos ticket we
> got "permission denied" error  when trying to cd to the mount point and its
> sub-dirs.
> We are using AIX-5.3 as NFSv4 server and RHEL 5/AIX-5.3 as NFSv4 clients.
> We are wondering what should be the normal behavior of such scenario.
> We would appreciate your advice

This is more an NFS question than a Kerberos question.  The reason
that access works on Linux is that the current default behavior on
Linux is to always use the machine credentials (the nfs/<hostname>
keytab) on the client for accesses from root.  This behavior can be
disabled, which then requires that root obtain Kerberos credentials
before mounting.


More information about the Kerberos mailing list