Kerberos+NFS4

steve steve at steve-ss.com
Wed Jul 31 06:14:28 EDT 2013


On Wed, 2013-07-31 at 11:05 +0200, Andreas Hauffe wrote:
> Yes, it is a OpenSuSE 12.3 client. So this means, this is a completely normal 
> behaviour?
> 
> Andreas

Hi
I don't think that's normal. we have nfs3 and nfs4 kerberised mounts and
local root cannot access them. The only users who should be able to
access the share are those not only with valid tickets but also with
correct access rights; those determined by the acl on the share. Local
root is squashed by default anyway so unless you export it
no_root_squash he can't even access a conventionally mounted share.

A lot depends on what you have in /etc/exports, fstab, mount command or
autofs.
Sorry can't be of more help.





More information about the Kerberos mailing list