2023-01-22 04:55:27

by Wang Yugui

[permalink] [raw]
Subject: any guide to install/test nfs sec=krb5?

Hi,

Is there any guide to install/test nfs sec=krb5?

test env:
krb5 server : windows active directory
linux: rocky linux 9.1, already 'realm join' with sssd.

1) from redhat
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_using_network_file_services/securing-nfs_configuring-and-using-network-file-services
Procedure
Create the nfs/[email protected] principal on the NFS server side.
Create the host/[email protected] principal on both the server and the client side.
Add the corresponding keys to keytabs for the client and server.

but we need more detail.


2, from isilon
http://doc.isilon.com/ECS/3.3/AdminGuide/ecs_t_file_access_confgure_kerberos.html
http://doc.isilon.com/ECS/3.7/AdminGuide/GUID-2018CF69-5F1E-4F3A-BA90-3659F85DE415.html
more detail than redhat.

but the following fail.
Test registration by running.
kinit -k host/<fqdn>@NFS-REALM.LOCAL

host/<fqdn> will is already created when 'realm join'?
host/<fqdn> is created here again, so there is some trouble?

'kinit -k nfs/<fqdn>@NFS-REALM.LOCAL' works as the document.


any guide please, thanks a lot.

Best Regards
Wang Yugui ([email protected])
2023/01/22