NFS & Kerberos woes...
Grant Taylor
cctalk at gtaylor.tnetconsulting.net
Wed Dec 26 12:56:39 CST 2018
On 12/26/18 11:41 AM, Craig Ruff wrote:
> I used Kerberos with NFS successfully at my last job. Any process/user
> id accessing NFS mounts using Kerberos authentication must have a valid
> Kerberos ticket, root included.
Okay. Thank you for confirming what I suspected but was still doubting.
I believe that root should have access as the system's keytab has
host/$FQDN and nfs/$FQDN principals. Root also has a ticket granting
ticket, krbtgt/$REALM. At least I think that means that root has vlaid
Kerberos tickets.
> The no_root_squash option is no longer relevant when Kerberos
> authentication is used, as you surmise.
ACK
> You can address this by getting a machine ticket that root can use.
That's my current working understanding. But, apparently I'm not
getting something correct. :-(
Thank you for the reply Craig.
--
Grant. . . .
unix || die
More information about the cctech
mailing list