AIX

  • 1.  Using krb5 authentication with NFS/automounter

    Posted Fri May 28, 2010 05:21 AM

    Originally posted by: rabbles


    I have followed the Redbook notes on how to set up an NFS thin client to mount a krb5 authenticated NFS partition.
    The automounter is used to mount the partition for a user, but fails with a valid user ticket.
    Using truss against the gssd process shows that the gssd process is looking for a PAG type krbcc file, but I am not trying to use PAG type cache filenames.

    If I use kinit -u, then the PAG type credentials file is created and the KRB5CCNAME is set in the new shell (spawned by kinit -u) and the session can access the krb5 authenticated NFS partition.

    I want to use the usual krb5cc files as I want long term valid krb5 credentials for ALL the users' sessions - like on all other Unix clients and I don't want a keytab file on the client for NFS.

    How do I set up client nfs to use krb5cc_<uid> only? The gssd never tries the krb5cc_<uid> format after not finding the krb5cc_x... file.

    Thanks
    #AIX-Forum


  • 2.  Re: Using krb5 authentication with NFS/automounter

    Posted Mon June 07, 2010 11:24 PM

    Originally posted by: rsandeep


    PAG was introduced to have per-process creds, which is desirable in many more cases. AIX NFS also supports UID-based Kerberos creds.

    "In the current version of AIX 5L Version 5.3 NFS V4, if the PAG value is set for the "krb5" PAG name, then the file system looks first for the PAG-based Kerberos credential cache file name. Then it looks for the UID-based credential cache file name in the /var/krb5/security/creds directory."

    For more information:
    http://www.ibm.com/developerworks/aix/library/au-kerberonfs.html

    Hope this helps.

    laters
    Sandeep
    #AIX-Forum
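
The lookup order quoted in the reply above can be checked from the client side. The following is an added example, not part of the thread or of any IBM tooling: it tests whether the UID-based cache exists in the directory named in the reply and is private to its owner, and whether the session's `KRB5CCNAME` points at it. The function names, return codes and messages are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. The directory and krb5cc_<uid> name
# come from the reply; return codes and messages are this example's own.

# Print the UID-based credential cache path for DIR and UID.
ccache_path() { printf '%s/krb5cc_%s\n' "$1" "$2"; }

# check_uid_ccache DIR UID
#   0 = regular file, owned by UID, no group/other access
#   1 = missing   2 = present but unsafe (symlink, wrong owner, loose mode)
check_uid_ccache() {
    uid=$2
    cc=$(ccache_path "$1" "$uid")
    if [ -L "$cc" ]; then echo "UNSAFE (symlink): $cc"; return 2; fi
    if [ ! -f "$cc" ]; then echo "MISSING: $cc"; return 1; fi
    # ls -ln prints: mode links uid gid ...; used because stat(1) is not portable
    set -- $(ls -ln "$cc")
    owner=$3
    group_other=$(printf '%s' "$1" | cut -c5-10)
    if [ "$owner" != "$uid" ]; then
        echo "UNSAFE (owner $owner, expected $uid): $cc"; return 2
    fi
    if [ "$group_other" != "------" ]; then
        echo "UNSAFE (mode $1): $cc"; return 2
    fi
    echo "OK: $cc"
}

# ccname_is_uid_cache DIR UID
#   0 if KRB5CCNAME names the UID-based file; 1 if it is unset or names
#   another cache, such as the one exported by the shell kinit -u spawns.
ccname_is_uid_cache() {
    cur=${KRB5CCNAME:-}
    [ "${cur#FILE:}" = "$(ccache_path "$1" "$2")" ]
}

# Usage on a client:
#   check_uid_ccache /var/krb5/security/creds "$(id -u)"
#   ccname_is_uid_cache /var/krb5/security/creds "$(id -u)" || echo "session uses another cache"
```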