* NFS wiki : NFSv4 Enduser doc kerberos
@ 2010-05-25 13:24 David Greaves
2010-05-25 20:37 ` J. Bruce Fields
0 siblings, 1 reply; 3+ messages in thread
From: David Greaves @ 2010-05-25 13:24 UTC (permalink / raw)
To: linux-nfs
FYI I've made an attempt to update this page:
http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos
If someone could please take a look and correct any errors I've made that would
be nice.
Some questions:
* should a client have an nfs/<fqdn> principal (it works without)
* Is the "allow_weak_crypto=true" part still correct?
David
--
"Don't worry, you'll be fine; I saw it work in a cartoon once..."
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: NFS wiki : NFSv4 Enduser doc kerberos
2010-05-25 13:24 NFS wiki : NFSv4 Enduser doc kerberos David Greaves
@ 2010-05-25 20:37 ` J. Bruce Fields
2010-05-25 21:02 ` Kevin Coffman
0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2010-05-25 20:37 UTC (permalink / raw)
To: David Greaves; +Cc: linux-nfs
On Tue, May 25, 2010 at 02:24:07PM +0100, David Greaves wrote:
> FYI I've made an attempt to update this page:
> http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos
>
> If someone could please take a look and correct any errors I've made that
> would be nice.
>
> Some questions:
> * should a client have an nfs/<fqdn> principal (it works without)
I'm actually not sure what the latest client requires--I thought it
still needed some kind of machine credential on the client.
> * Is the "allow_weak_crypto=true" part still correct?
Yes, unless you're running the very latest (unreleased) upstream kernel
and nfs-utils, which includes support for stronger crypto.
--b.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: NFS wiki : NFSv4 Enduser doc kerberos
2010-05-25 20:37 ` J. Bruce Fields
@ 2010-05-25 21:02 ` Kevin Coffman
0 siblings, 0 replies; 3+ messages in thread
From: Kevin Coffman @ 2010-05-25 21:02 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: David Greaves, linux-nfs
On Tue, May 25, 2010 at 4:37 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
>
> On Tue, May 25, 2010 at 02:24:07PM +0100, David Greaves wrote:
> > FYI I've made an attempt to update this page:
> > http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos
> >
> > If someone could please take a look and correct any errors I've made that
> > would be nice.
> >
> > Some questions:
> > * should a client have an nfs/<fqdn> principal (it works without)
>
> I'm actually not sure what the latest client requires--I thought it
> still needed some kind of machine credential on the client.
Kerberos mounts can be done w/o a machine credential, but root (or the
user doing the mount) must obtain credentials somehow. To be
workable, I would think that a keytab of some kind is required (with a
cron using it to keep credentials fresh).
> > * Is the "allow_weak_crypto=true" part still correct?
>
> Yes, unless you're running the very latest (unreleased) upstream kernel
> and nfs-utils, which includes support for stronger crypto.
>
> --b.
> --
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-05-25 21:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-25 13:24 NFS wiki : NFSv4 Enduser doc kerberos David Greaves
2010-05-25 20:37 ` J. Bruce Fields
2010-05-25 21:02 ` Kevin Coffman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).