[Freeipa-users] HBAC rules for NFS
Alexander Bokovoy
abokovoy at redhat.com
Fri Jul 1 20:59:21 UTC 2016
On Fri, 01 Jul 2016, Joanna Delaporte wrote:
>I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am
>starting to wonder if I don't have HBAC rules set up correctly. I
>installed freeIPA with --no_hbac_allow.
>
>I have an HBAC service defined as an nfs service:
>$ ipa hbacsvc-add --desc="NFS service" nfs
>
>I have an HBAC rule that allows all users to access all services on a group
>of hosts. My nfsclient is in that group.
>
>Is that enough to allow users rights to mount nfs shares? Do I need some
>sort of HBAC between the nfsclient and the nfsserver?

HBAC is not involved at all for NFS use. Remember, HBAC checks are run
by SSSD when it is called by PAM session setup. There is nothing like
that for NFS mounts.

Have you read http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA ?
--
/ Alexander Bokovoy