Hi,
Is there any guide to install/test nfs sec=krb5?
test env:
krb5 server : windows active directory
linux: rocky linux 9.1, already 'realm join' with sssd.
1) from redhat
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_using_network_file_services/securing-nfs_configuring-and-using-network-file-services
Procedure
Create the nfs/[email protected] principal on the NFS server side.
Create the host/[email protected] principal on both the server and the client side.
Add the corresponding keys to keytabs for the client and server.
but we need more detail.
2, from isilon
http://doc.isilon.com/ECS/3.3/AdminGuide/ecs_t_file_access_confgure_kerberos.html
http://doc.isilon.com/ECS/3.7/AdminGuide/GUID-2018CF69-5F1E-4F3A-BA90-3659F85DE415.html
more detail than redhat.
but the following fail.
Test registration by running.
kinit -k host/<fqdn>@NFS-REALM.LOCAL
host/<fqdn> will is already created when 'realm join'?
host/<fqdn> is created here again, so there is some trouble?
'kinit -k nfs/<fqdn>@NFS-REALM.LOCAL' works as the document.
any guide please, thanks a lot.
Best Regards
Wang Yugui ([email protected])
2023/01/22