[Freeipa-users] kerberized nfsv4 client

natxo asenjo natxo.asenjo at gmail.com
Wed Aug 28 11:00:24 UTC 2013


On 08/28/2013 12:00 PM, Ondrej Valousek wrote:
> Because with NFS (v3 or v4) it is a bit more complicated.
> With smbclient, you are actually not "mounting" the filesystem so that the smbclient is happy with just your TGT.
>
> With NFS, you typically need two tickets:
> 1. one host (or nfs) so that root can mount the filesystem using Kerberos security

Even though one mounts it from autofs? When using autofs from
/net/host/share I can do that as non-root.

> 2. second user TGT so that you can actually read the (already) mounted filesystem
>
> But you can run gssd with the -n argument, which tells it not to look for SPNs (actually this is not SPN, we are talking about UPN in this case), but take a TGT from an already pre-created Kerberos database in /tmp
>
> So yes, with a bit of effort you can use kerberized NFS even from a client not joined to IPA domain.

OK, nice to know.

-- 
Regards,
natxo




