NFS Services Administrator's Guide (B.11.31.03) August 2008
Output similar to the following is displayed:
krbcl145: #/hpsample/gss-client krbcl145 sample@krbsrv39
"hi"
Sending init_sec_context token (size=541)...continue needed
...length = 106
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"root/krbcl145.anyrealm.com@krbhost.anyrealm.com" to
"sample/krbsrv39.anyrealm.com@krbhost.anyrealm.com",
lifetime 86297, flags 36, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 7 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 2 840 113554 1 2 1 4 }
5: { 1 2 840 113554 1 2 1 1 }
6: { 1 2 840 113554 1 2 2 1 }
length = 37
Signature verified.
The statement Signature verified indicates that the GSS-API framework is
working properly.
NOTE: Step 6 and Step 7 are to be performed on the Kerberos Server.
6. To add the NFS service principal for the NFS server, such as
nfs/krbsrv39.anyrealm.com, to the Kerberos database of the Kerberos server,
first run the kadmin command-line administrator command and then add a new
principal using the add command.
Command: add
Name of Principal to Add: nfs/krbsrv39.anyrealm.com
Enter password:
Re-enter password for verification:
Principal added.
NOTE: The server hostname in the service principal must be a fully qualified
name.
7. To extract the key for the added NFS service principal, use the Kerberos
administration tool, kadminl_ui, and store it in a file called
machine_name.keytab. Then, copy this file to /etc/krb5.keytab on the NFS
server.
8. To verify the keys, enter the following command:
klist -k
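Added example, not part of the HP guide: a shell function that checks the klist -k output from step 8 for the nfs/ principal added in step 6 and flags a host part that is not fully qualified. It assumes klist -k prints one "KVNO principal@REALM" entry per line; the function name, return codes and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate `klist -k` output against steps 6 to 8.
# Assumption: each keytab entry is printed as "KVNO principal@REALM".

# check_nfs_keytab FQDN   (reads `klist -k` output on stdin)
# Returns 0 = nfs/FQDN@REALM is present
#         1 = keytab holds no nfs/ principal
#         2 = nfs/ principal present, but its host is not fully qualified
#         3 = nfs/ principals present, but none for FQDN
check_nfs_keytab() {
    awk -v want="$1" '
        # Entry lines begin with a numeric key version number (KVNO).
        $1 ~ /^[0-9]+$/ && $2 ~ /^nfs\// {
            seen = 1
            host = $2
            sub(/^nfs\//, "", host)    # strip the service name
            sub(/@.*$/, "", host)      # strip the realm
            # Principal names are case-sensitive: compare exactly.
            if ((host "") == (want "")) found = 1
            else if (index(host, ".") == 0) short = 1
        }
        END {
            if (found) exit 0
            if (!seen) exit 1
            if (short) exit 2
            exit 3
        }'
}

# Constructed sample outputs (not captured from a real system).
sample_good() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   1 nfs/krbsrv39.anyrealm.com@krbhost.anyrealm.com
EOF
}
sample_short() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   1 nfs/krbsrv39@krbhost.anyrealm.com
EOF
}

# On the NFS server: klist -k | check_nfs_keytab krbsrv39.anyrealm.com
```

A return code of 2 points back to the NOTE under step 6: the principal was created with a short hostname and must be re-added with the fully qualified name before the key is extracted again.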
38 Configuring and Administering NFS Services