action #25704
Updated by ingogoeppert over 5 years ago
To improve security when nfs shares are used, we should use kerberos authentication.
Needs:
* Modified share configuration
* SPNs
* Modified client configuration
Links:
* http://users.suse.com/~sjayaraman/nfs4_howto.txt
* https://groups.google.com/forum/#!topic/linux.samba/uP119bAe0CA
* https://ovalousek.wordpress.com/2015/10/15/enable-kerberized-nfs-with-sssd-and-active-directory/
Current state:
* invis Server 14 setup is prepared for kerberos, but exports are still without
* membermod adds the spn we need for kerberos (execute manual)
* client setup is prepared for kerberos. Todo: Exporting the additional spn to the client keytab after the join (or do it manual).
Export keytab on the client: "net ads keytab create" or "net ads keytab create -P"