NFS Services Administrator's Guide (B.11.31.04) March 2009

Enter policy name (Press enter key to apply default policy) :
Principal added.
3. Copy the /etc/krb5.conf file from the Kerberos server to the NFS client.
onc52# rcp /etc/krb5.conf onc36:/etc/
Perform the following steps on the NFS client:
1. To get the initial TGT to request a service from the application server, enter the
following command:
onc36# kinit root
Password for root@ONC52.IND.HP.COM:
The password prompt is displayed. Enter the password for the root principal that
is added to the Kerberos database.
2. To verify the TGT, enter the following command:
onc36# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@ONC52.IND.HP.COM
Valid starting     Expires            Service principal
02/12/09 10:46:33  02/12/09 20:46:31  krbtgt/ONC52.IND.HP.COM@ONC52.IND.HP.COM
3. Edit the /etc/nfssec.conf file and uncomment the entries for krb5, krb5i, or krb5p
based on the security protocol you want to choose.
onc36# cat /etc/nfssec.conf | grep krb5
krb5 390003 krb5_mech default - # RPCSEC_GSS
krb5i 390004 krb5_mech default integrity # RPCSEC_GSS
krb5p 390005 krb5_mech default privacy # RPCSEC_GSS
4. Edit the /etc/inetd.conf file and uncomment the gssd entry.
onc36# cat /etc/inetd.conf | grep gssd
rpc xti ticotsord swait root /usr/lib/netsvc/gss/gssd 100234 1 gssd
5. Re-initialize inetd on the NFS servers.
onc36# inetd -c
6. To create a credential table, enter the following command:
onc36# gsscred -m krb5_mech -a
7. To mount the secure NFS file system, enter the following command:
mount -o sec=<Security flavor> <svr:/dir> </mount-point>
Where,
-o
Enables you to use some of the specific options of the share command, such as
sec, async, public, and others.
sec
Enables you to specify the security mode to be used. Specify krb5, krb5p or
krb5i as the Security flavor.
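The script below is an added example, not part of the HP guide: read-only checks that confirm the results of client steps 2 to 4 (TGT listed, security flavor uncommented, gssd entry uncommented) before the mount in step 7 is attempted. The function names and the sample input are constructed for illustration; the entry formats are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the guide): read-only checks for client steps 2-4.
# Each function reads the file or command output on stdin.

# flavor_enabled FLAVOR < nfssec.conf
# Succeeds if FLAVOR (krb5, krb5i or krb5p) has an uncommented krb5_mech entry.
# The first field is compared exactly, so "krb5" does not match a krb5p line.
flavor_enabled() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                  # entry is still commented out
        $1 == f && $3 == "krb5_mech" { ok = 1 }
        END { exit !ok }'
}

# gssd_enabled < inetd.conf
# Succeeds if the gssd entry is uncommented.
gssd_enabled() {
    awk '
        /^[ \t]*#/ { next }
        $NF == "gssd" && index($0, "/usr/lib/netsvc/gss/gssd") { ok = 1 }
        END { exit !ok }'
}

# has_tgt REALM < klist-output
# Succeeds if a krbtgt/REALM@REALM ticket is listed (expiry is not checked).
has_tgt() {
    grep -F "krbtgt/$1@$1" >/dev/null
}

# Constructed sample input: krb5 left commented out, krb5p enabled.
SAMPLE_NFSSEC='#krb5 390003 krb5_mech default - # RPCSEC_GSS
krb5p 390005 krb5_mech default privacy # RPCSEC_GSS'
SAMPLE_INETD='rpc xti ticotsord swait root /usr/lib/netsvc/gss/gssd 100234 1 gssd'
SAMPLE_KLIST='Default principal: root@ONC52.IND.HP.COM
02/12/09 10:46:33 02/12/09 20:46:31 krbtgt/ONC52.IND.HP.COM@ONC52.IND.HP.COM'

# ready_to_mount FLAVOR REALM: runs all three checks on the sample input.
# On a client, feed /etc/nfssec.conf, /etc/inetd.conf and klist output instead.
ready_to_mount() {
    printf '%s\n' "$SAMPLE_NFSSEC" | flavor_enabled "$1" || { echo "$1 not enabled in nfssec.conf"; return 1; }
    printf '%s\n' "$SAMPLE_INETD"  | gssd_enabled        || { echo "gssd entry is commented out"; return 1; }
    printf '%s\n' "$SAMPLE_KLIST"  | has_tgt "$2"        || { echo "no TGT for $2"; return 1; }
    echo "$1: ready to mount"
}

ready_to_mount krb5p ONC52.IND.HP.COM
ready_to_mount krb5  ONC52.IND.HP.COM || true
```

With the sample input, krb5p passes and krb5 is reported as not enabled, because its entry is still commented out.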
Configuring and Administering an NFS Server 39