LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 11-21-2007, 04:31 PM   #1
bilkes
LQ Newbie
 
Registered: Nov 2007
Posts: 1

Rep: Reputation: 0
NFSv4 kerberized: (only) root has no permissions


We have setup a NFSv4/kerberos environment to restrict access to NFS only to authorized clients. Both, NFS as well as kerberos work properly, with the one exception that the root user has no permissions on the server. For all other users, everything works perfectly. Root restriction occurs only when gss/krb5 authentication is used (nfsv4 exporting to * works nicely).

I guess this has got something to do with root not having a proper kerberos ticket, it appears that Linux uses the "nfs" principal from the krb5.keytab file for every transaction initiated by root. Still, I can't figure out what would be a proper ticket or how to change the Linux behavior so that it uses "root" tickets ?

Any suggestions?

Sven Bilke
 
  


Reply

Tags
kerberos, nfsv4


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NFSv4 replication and migration PhillipHuang Linux - Software 0 04-11-2007 11:07 PM
kerberized ssh window client can't authenticate to kerberized Linux SSH server celeron Linux - Software 0 04-11-2007 05:36 AM
Forwarding tickets via Kerberized SSH nilecirb Linux - Security 1 03-11-2007 01:48 AM
LXer: Secure Kerberized authentication on Solaris 10 using IBM AIX Version 5.3 LXer Syndicated Linux News 0 11-10-2006 12:54 PM
NFSv4 + autofs technomancer Linux - Networking 1 11-06-2006 11:10 AM


All times are GMT -5. The time now is 04:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration