NFS4 & Kerberos, dualboot, users in different realms

harry harry at
Thu Jan 20 09:07:02 EST 2011


I'm reading documentation about Kerberos, NFS and getting this stuff 
together working but I'm a bit questionning myself about a particular 

I have workstations in dualboot, Windows is attached to an Active 
Directory and an Ubuntu with user authentication on Active Directory 
domain controllers through Kerberos.

Then, I have a NetApp filer which serves CIFS shares and NFSv4 shares.

I would like static NFS mount, for exemple /home/students, then when a 
student logs in the workstation, uses his Kerberos auth/ticket to grab 
authorisation in order to read/write NFS share and his home dir ie 

It works like a charm on a linux system which has been added to the AD 
with the tool mskutil.

But, in dualboot situation, msktutil rewrites workstation 
keytab/password and then Windows can't reauth itself to the domain. And 
I don't want to trash my AD with multiple host accounts or user account 
for a linux host.

A thread in this group talk about a solution to this problem. It uses 
the same password between linux and windows attachment to the AD 
Kerberos realm.

But, I was looking to a different solution which consists in building a 
different realm (Unix MIT for example) which could be used to 
authenticate nfs/ and host/ role of the linux system and the Active 
Directory to authenticate Windows systems and users.

Is there a way, through cross-realm configuration, to get that working ?

I thought about an inter-realm configuration between my two realm (MIT 
for example and the AD one). But as the NetApp filer can't be configured 
with multiple realm for NFS service I don't see how it could work.

Where am I wrong ? What could be a pretty solution to my problem ?

Thank you for your advices

More information about the Kerberos mailing list