NFS Services Administrator's Guide

Configuring and Administering NFS Services
Configuring and Administering an NFS Server
Chapter 2
6. To add the NFS service principal for the NFS server, such as
nfs/krbsrv39.anyrealm.com, to the Kerberos database on the
Kerberos server, first run the kadmin command-line administrator
command and then add a new principal using the add command.
Command: add
Name of Principal to Add: nfs/krbsrv39.anyrealm.com
Enter password:
Re-enter password for verification:
Principal added.
NOTE: The server hostname in the service principal must be a fully
qualified name.
7. To extract the key for the added NFS service principal, use the
Kerberos administration tool, kadminl_ui, and store the key in a file
called machine_name.keytab. Then, copy this file to
/etc/krb5.keytab on the NFS server.
8. To verify the keys, enter the following command:
# klist -k
Output similar to the following is displayed:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
--------------------------------------------------------
1 nfs/krbsrv39.anyrealm.com@krbhost.anyrealm.com
If you did not add the NFS service principal with the fully qualified
hostname, an error similar to the following is displayed when you
share the directory:
share -o sec=krb5i /export_krb5
share_nfs: /export_krb5: Invalid argument
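
The check in step 8 can be scripted so that a short hostname is caught before the share command fails. The following shell function is an added example, not part of the original guide; it assumes the two-column klist -k layout shown above, and the name check_nfs_principal and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): verify that every nfs/ service
# principal listed by `klist -k` uses a fully qualified hostname.

# check_nfs_principal reads `klist -k` output on stdin, prints one
# line per nfs/ entry, and returns:
#   0  every nfs/ entry has a fully qualified host
#   1  at least one nfs/ entry has a short (unqualified) host
#   2  no nfs/ entry was found
check_nfs_principal() {
    awk '
        # Data rows are "<KVNO> <principal>"; headers and rulers are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^nfs\// {
            found = 1
            host = $2
            sub(/^nfs\//, "", host)   # drop the service name
            sub(/@.*$/, "", host)     # drop the realm
            # Fully qualified: two or more dot-separated, non-empty labels.
            if (host ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/) {
                print "OK    " $2
            } else {
                print "SHORT " $2
                bad = 1
            }
        }
        END { if (!found) exit 2; if (bad) exit 1; exit 0 }
    '
}

# Constructed sample listings; the first mirrors the output in step 8.
SAMPLE_GOOD='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
--------------------------------------------------------
1 nfs/krbsrv39.anyrealm.com@krbhost.anyrealm.com'

SAMPLE_SHORT='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
--------------------------------------------------------
1 nfs/krbsrv39@krbhost.anyrealm.com'

printf '%s\n' "$SAMPLE_GOOD" | check_nfs_principal
printf '%s\n' "$SAMPLE_SHORT" | check_nfs_principal || echo "exit status $?"
```

On the NFS server, pipe the real listing into the function: klist -k | check_nfs_principal.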
9. Modify the /etc/nfssec.conf file. Uncomment the entries for
krb5, krb5i, or krb5p, depending on the security protocol you want
to use. You can enable all of them, as shown in this example:
#ident "@(#)nfssec.conf 1.5 07/11/09 SMI"