kerberized NFS
Rick Macklem
rmacklem at uoguelph.ca
Sat Feb 18 03:13:50 UTC 2012
Giulio Ferro wrote:
> Thanks everybody again for your help with setting up a working
> kerberized nfsv4 system.
>
> I was able to user-mount a nfsv4 share with krb5 security, and I was
> trying to do the same as root.
>
> Unfortunately the patch I found here:
> http://people.freebsd.org/~rmacklem/rpcsec_gss.patch
>
> fails to apply cleanly on a 9 stable system.
>
There is now a patch called:
http://people.freebsd.org/~rmacklem/rpcsec_gss-9.patch
that should apply to a FreeBSD9 or later kernel.
For the kernel to build after applying the patch, you will
need a kernel config with
options KGSSAPI
in it, since the patch adds a function that can't be called
via one of the XXX_call() functions using the function pointers.
Also, review the section of the wiki where it discusses setting
vfs.rpcsec.keytab_enctype
because the host based initiator keytab entry won't work unless
it is set correctly.
Good luck with it, rick
> Is there a more recent patch available or some better way to
> automatically
> mount the share at boot time?
>
> Thanks again.
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
> "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list