Solaris 10, secure nfs, permission denied

Will Fiveash William.Fiveash at sun.com
Wed May 21 16:06:52 EDT 2008


On Wed, May 21, 2008 at 12:46:34PM -0500, Will Fiveash wrote:
> On Tue, May 20, 2008 at 05:17:11PM -0500, Will Fiveash wrote:
> > Second, the nodename/hostname associated with a Solaris system should
> > be short form.  For example when running the /usr/bin/hostname command
> > the output should be something like:
> > 
> > $ /usr/bin/hostname
> > foo
> > 
> > not foo.bar.com.  Sadly this isn't documented as clearly as it should be
> > in the Solaris system admin guides.  In addition Solaris krb currently
> > requires DNS be enabled on the system.
> 
> I was premature posting the above info.  I'm currently working on
> getting a definitive answer to what form of hostname is acceptable for
> configuring Solaris and I will post whatever I find out here.  So please
> hold off making any changes to Solaris configurations if people were
> considering doing so based on my earlier post.

After talking with several people at Sun, the answer I have is that this
is a very old interface which has traditionally been set with the short
form of a hostname.  It may be okay to set the system hostname/nodename
to the long form FQDN; however, there may be some software that expects
the hostname/nodename to be the short form and breaks if it isn't.

So for people who have Solaris systems with FQDN hostnames, don't worry
about it unless something breaks, but if one wants to play it safe, use
the short form hostname/nodename when configuring Solaris.
"man nodename.4" for more information.

Note, I tried configuring a KDC on a Solaris system configured with an
FQDN hostname and it works fine, as well as an NFS sec=krb5 mount.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/


