NFSv4 details and documentations
Slawa Olhovchenkov
slw at zxy.spb.ru
Tue Dec 1 07:51:20 UTC 2015
On Mon, Nov 30, 2015 at 06:15:48PM -0500, Rick Macklem wrote:
> In GSS, the host based principal is <some-string>@<host>.<domain>. This
> translates to: <some-string>/<host>.<domain>@<KERBEROS-REALM> in the KDC.
> For example:
> nfs-client.my.home - DNS name of the client machine
> MYREALM - Realm for Kerberos KDC
> - I want to have root work as "root".
> --> I go to the KDC and create a principal name:
> root/nfs-client.my.home at MYREALM
> --> Then I create a keytab entry for this principal and transfer it to
> /etc/krb5.keytab on the client machine (nfs-client.my.home).
> --> Then I mount with: -o nfsv4,gssname=root
> and non-root users will have to kinit to access the server as themselves.
Is there a difference between gssname=host
(host/nfs-client.my.home at MYREALM and already exist) and gssname=root
(and create and expoprt additional root/nfs-client.my.home at MYREALM)?
More information about the freebsd-hackers
mailing list