About the purpose of client host principals for NFS
Simo Sorce
simo at redhat.com
Mon Oct 9 10:28:45 EDT 2023
On Sun, 2023-10-08 at 03:03 +0200, Marco Rebhan via Kerberos wrote:
> On Saturday, 7 October 2023 22:15:32 CEST Russ Allbery wrote:
> > [..]
>
> That clears up a lot, thank you so much!
Keying clients is useful to allow mount at boot time, before any user
with valid credentials has logged in, as well as for NFS 4.0 only (doe
snot apply to earlier protocol version nor to 4.1 and later) to do some
callback calls to the server where the protocol does not know what user
to use.
It is not strictly needed, if you use autofs for homes for example you
can live w/o a client service principal.
HTH,
Simo.
--
Simo Sorce,
DE @ RHEL Crypto Team,
Red Hat, Inc
More information about the Kerberos
mailing list