NFS Services Administrator's Guide (B.11.31.03) August 2008
To configure your secure NFS server, follow these steps:
1. Set up the host as a Kerberos client. For more information on setting up the NFS
server as a Kerberos client, see Configuration Guide for Kerberos Client Products
on HP-UX (5991-7718).
NOTE: Add a principal for all machines that are going to use the NFS Service.
Also, add a principal for all users who will access the data on the NFS server. For
example, the sample/krbsrv39.anyrealm.com principal should be added to
the Kerberos database before running the sample applications.
2. To get the initial Ticket Granting Ticket (TGT) to request a service from the
application server, enter the following command:
kinit username
The password prompt is displayed. Enter the password for the root principal that
is added to the Kerberos database.
3. To verify the TGT, enter the following command:
klist
An output similar to the following output is displayed:
Ticket cache: /tmp/krb5cc_0
Default principal: root@krbhost.anyrealm.com
Valid starting Expires Service principal
Fri 16 Jan 2007 01:44:08 PM PDT Sat 17 Jan 2007 01:44:08 PM
PDT
krbtgt/krbhost.anyrealm.com@krbhost.anyrealm.com
4. To verify that the system is set up as a Kerberos client, enter the following
command:
ps -ef |grep kr
An output similar to the following output is displayed:
root 1156 1139 0 Feb 9 ? 0:30
/opt/krb5/sbin/kdcd
root 1139 1 0 Feb 9 ? 0:00
/opt/krb5/sbin/kdcd
root 1154 1 0 Feb 9 ? 15:33
/opt/krb5/sbin/kadmind
This output indicates that the Kerberos daemons are running.
5. To verify that the underlying GSS-API framework is working properly, run the
sample program /usr/contrib/gssapi/sample.
In this example, the following setup was used to run the program:
GSS-API Server Host: krbsrv39
GSS-API Client Host: krbcl145
Configuring and Administering an NFS Server 37