Accessing Kerberos NFS version 4 (not 2, 3) via /net automounter with kinit only (no /etc/krb5.conf access)
Will Fiveash
will.fiveash at oracle.com
Tue Apr 15 17:48:49 EDT 2014
On Tue, Apr 15, 2014 at 02:34:11PM -0500, Nico Williams wrote:
> On Tue, Apr 15, 2014 at 2:22 PM, Will Fiveash <will.fiveash at oracle.com> wrote:
> > But if this is a work laptop, which is typically a single user system
> > and operates as a client in various contexts, requiring IT provision it
> > with a keytab seems onerous to me. Note that a Solaris NFS v3 client
> > does not require root have a krb cred to operate, even when
> > automounting -- it only requires the user that triggered the automount
> > have a krb cred.
>
> What should happen is that there should be a way to enroll a device.
If a keytab is really needed. On the other hand, if a laptop is only
acting as a client then why bother? Assuming the logged-in user has a
way of acquiring their krb cred that's all they should need if the
laptop is acting as an NFS, ssh or any other client that tries to do
gss/krb auth.
--
Will Fiveash
Oracle Solaris Software Engineer