NFSv4 details and documentations

Slawa Olhovchenkov slw at zxy.spb.ru
Tue Dec 1 07:51:20 UTC 2015


On Mon, Nov 30, 2015 at 06:15:48PM -0500, Rick Macklem wrote:

> In GSS, the host based principal is <some-string>@<host>.<domain>. This
> translates to:  <some-string>/<host>.<domain>@<KERBEROS-REALM> in the KDC.



> For example:
>   nfs-client.my.home - DNS name of the client machine
>   MYREALM - Realm for Kerberos KDC
>   - I want to have root work as "root".
> --> I go to the KDC and create a principal name:
>    root/nfs-client.my.home@MYREALM
>    --> Then I create a keytab entry for this principal and transfer it to
>        /etc/krb5.keytab on the client machine (nfs-client.my.home).
>    --> Then I mount with: -o nfsv4,gssname=root
>        and non-root users will have to kinit to access the server as themselves.

Is there a difference between gssname=host
(host/nfs-client.my.home@MYREALM, which already exists) and gssname=root
(and create and export an additional root/nfs-client.my.home@MYREALM)?

