NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Administering an NFS Server
Chapter 2 63
Secure NFS Client Configuration with Kerberos
To secure your NFS client setup using Kerberos, follow these steps:
1. Set up Kerberos client for the same realm as the NFS server. You can
copy the krb5.conf file from the NFS server.
NOTE Add a principal for all machines that are going to use the NFS
Service. Also, add a principal for all users who will access the data on
the NFS server. For example, the sample/krbsrv39.anyrealm.com
principal should be added to the Kerberos database before running
the sample applications.
2. To get the initial TGT to request a service from the application
server, enter the following command:
# kinit
username
The password prompt is displayed. Enter the password for the root
principal that is added to the Kerberos database.
3. To verify the TGT, enter the following command:
klist
An output similar to the following output is displayed:
Ticket cache: /tmp/krb5cc_0
Default principal: root@krbhost.anyrealm.com
Valid starting Expires Service principal
Fri 16 Jan 2007 01:44:08 PM PDT Sat 17 Jan 2007 01:44:08 PM
PDT krbtgt/krbhost.anyrealm.COM@krbhost.anyrealm.com
4. To verify that the system is set up as a Kerberos client, enter the
following command:
ps -ef |grep kr
An output similar to the following output is displayed:
root 1156 1139 0 Feb 9 ? 0:30
/opt/krb5/sbin/kdcd