26 Dec
2018
26 Dec
'18
1:56 p.m.
On 12/26/18 11:41 AM, Craig Ruff wrote:
I used Kerberos with NFS successfully at my last job.
Any process/user
id accessing NFS mounts using Kerberos authentication must have a valid
Kerberos ticket, root included.
Okay. Thank you for confirming what I suspected but was still doubting.
I believe that root should have access as the system's keytab has
host/$FQDN and nfs/$FQDN principals. Root also has a ticket granting
ticket, krbtgt/$REALM. At least I think that means that root has vlaid
Kerberos tickets.
The no_root_squash option is no longer relevant when
Kerberos
authentication is used, as you surmise.
ACK
You can address this by getting a machine ticket that
root can use.
That's my current working understanding. But, apparently I'm not
getting something correct. :-(
Thank you for the reply Craig.
--
Grant. . . .
unix || die