Date:      Tue, 1 Dec 2015 10:51:17 +0300
From:      Slawa Olhovchenkov <slw@zxy.spb.ru>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        hackers@freebsd.org
Subject:   Re: NFSv4 details and documentations
Message-ID:  <20151201075117.GE31314@zxy.spb.ru>
In-Reply-To: <1530363546.112649399.1448925348701.JavaMail.zimbra@uoguelph.ca>
References:  <9BC3EFA2-945F-4C86-89F6-778873B58469@cs.huji.ac.il> <661673285.88370232.1447682409478.JavaMail.zimbra@uoguelph.ca> <20151116141433.GA31314@zxy.spb.ru> <1489367909.88538127.1447688459383.JavaMail.zimbra@uoguelph.ca> <20151116155710.GB31314@zxy.spb.ru> <1312967974.89238067.1447714816355.JavaMail.zimbra@uoguelph.ca> <20151130165940.GB31314@zxy.spb.ru> <183609075.112643195.1448924896262.JavaMail.zimbra@uoguelph.ca> <1530363546.112649399.1448925348701.JavaMail.zimbra@uoguelph.ca>

On Mon, Nov 30, 2015 at 06:15:48PM -0500, Rick Macklem wrote:

> In GSS, the host based principal is <some-string>@<host>.<domain>. This
> translates to:  <some-string>/<host>.<domain>@<KERBEROS-REALM> in the KDC.



> For example:
>   nfs-client.my.home - DNS name of the client machine
>   MYREALM - Realm for Kerberos KDC
>   - I want to have root work as "root".
> --> I go to the KDC and create a principal name:
>    root/nfs-client.my.home@MYREALM
>    --> Then I create a keytab entry for this principal and transfer it to
>        /etc/krb5.keytab on the client machine (nfs-client.my.home).
>    --> Then I mount with: -o nfsv4,gssname=root
>        and non-root users will have to kinit to access the server as themselves.

Is there a difference between gssname=host
(host/nfs-client.my.home@MYREALM and already exists) and gssname=root
(and create and export additional root/nfs-client.my.home@MYREALM)?


