Solaris 10, secure nfs, permission denied

Will Fiveash William.Fiveash at sun.com
Mon May 19 22:14:06 EDT 2008


On Mon, May 19, 2008 at 01:15:48PM -0700, Borislav_S wrote:
> 
> According to the log below and your klist output you have not
> performed step 2a from the "How to Access a Kerberos Protected NFS
> File System as the root User" section here
> http://docs.sun.com/app/docs/doc/816-4557/setup-148?a=view. It is also
> listed as an optional step 6b in the  "How to Manually Configure a
> Kerberos Client" section on the same page. Hope this is helpful.
> Thanks.

Creating a root principal is not needed for mounting a NFS share
protected by krb.  That is only needed if a user wants to access a NFS
sec=krb5* share as root.  In general it's better not to have a root
principal unless there is a specific need.  Note that Solaris krb will
fall back to automatically acquiring a krb cred via the host/<FQDN>
entry in /etc/krb5/krb5.keytab if it exists when it is determined that a
krb cred is needed by root as is the case when doing a mount of a NFS
sec=krb5* share.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/



More information about the Kerberos mailing list