Project

General

Profile

action #25704

Updated by ingogoeppert about 3 years ago

To improve security when nfs shares are used, we should use kerberos authentication.

Needs:
* Modified share configuration
* SPNs
* Modified client configuration

Links:
* http://users.suse.com/~sjayaraman/nfs4_howto.txt
* https://groups.google.com/forum/#!topic/linux.samba/uP119bAe0CA

Current state:
* invis Server 14 setup is prepared for kerberos, but exports are still without
* membermod adds the spn we need for kerberos (execute manual)
* client setup is prepared for kerberos. Todo: Exporting the additional spn to the client keytab after the join (or do it manual).

Export keytab on the client: "net ads keytab create" or "net ads keytab create -P"

Back