NFS Services Administrator Guide for 11i v3 (5900-2572, September 2012)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software

NOTE: In all of this section, the following systems will be used as examples:

Kerberos Server: onc52.ind.hp.com

NFS Server: onc20.ind.hp.com

NFS Client: onc36.ind.hp.com

2. Synchronize the date & time of server nodes with kerberos server. To change the current date

and time use date command followed by the current date and time. For example, enter date

06101130 to set the date to June 10th and time to 11:30 AM. The time difference between

the systems should not be more than 5 minutes.

3. Add a principal for all the NFS server to the Kerberos database. For example, if our NFS

server is onc20.ind.hp.com then nfs/onc20.ind.hp.com principal should be added

to the Kerberos database before running the NFS applications.

To add principals use the Kerberos administration tool, kadminl

onc52# /opt/krb5/admin/kadminl

Connecting as: K/M

Connected to krb5v01 in realm ONC52.IND.HP.COM.

Command: add nfs/onc20.ind.hp.com

Enter password:

Re-enter password for verification:

Enter policy name (Press enter key to apply default policy) :

Principal added.

4. Copy the /etc/krb5.conf file from the Kerberos server to the NFS server node.

onc52# rcp /etc/krb5.conf onc20:/etc/

5. Extract the key for the NFS service principal on the Kerberos server and store it in the

/etc/krb5.keytab file on the NFS server. To extract the key, use the Kerberos administration

tool kadminl.

onc52# /opt/krb5/admin/kadminl

Connecting as: K/M

Connected to krb5v01 in realm ONC52.IND.HP.COM.

Command: ext

Name of Principal (host/onc52.ind.hp.com): nfs/onc20.ind.hp.com

Service Key Table File Name (/opt/krb5/v5srvtab): /etc/onc20.keytab

Principal modified.

Key extracted.

onc52# rcp /etc/onc20.keytab onc20:/etc/krb5.keytab

6. To verify the keys in NFS server, enter the following command in NFS server.

onc20# klist -k

Keytab name: FILE:/etc/krb5.keytab

KVNO Principal

---- --------------------------------------------------------------------------

1 nfs/onc20.ind.hp.com@ONC52.IND.HP.COM

7. Edit the /etc/nfssec.conf file and uncomment the entries for krb5, krb5i, or krb5p based

on the security protocol you want to choose.

onc20# cat /etc/nfssec.conf | grep krb5

krb5 390003 krb5_mech default - # RPCSEC_GSS

krb5i 390004 krb5_mech default integrity # RPCSEC_GSS

krb5p 390005 krb5_mech default privacy # RPCSEC_GSS

8. Edit the /etc/inetd.conf file and uncomment gssd entry.

onc20# cat /etc/inetd.conf | grep gssd

rpc xti ticotsord swait root /usr/lib/netsvc/gss/gssd 100234 1 gssd

26 Configuring and Administering NFS Services