LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 05-12-2007, 02:33 AM   #1
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Rep: Reputation: 15
File serving through Kerberos authentication


In my network, I have a KDC server running Windows Server 2003 (gamma), a Linux file server (delta), and a Linux client (epsilon) that can successfully retrieve a KRB5 ticket from gamma. At the moment, I'm wondering what file system I should use for the shares on delta. I'm looking primarily at OpenAFS and NFSv4, unless someone can suggest a better solution.

Ideally, when epsilon wants to mount one of delta's shares, it needs to authenticate with gamma first. What should happen is that epsilon's forwardable ticket should be sent to delta, which then checks against gamma. If gamma approves the ticket for the share, delta continues and lets epsilon mount it.

Is what I want to do even possible? If at all possible, I would like to avoid using a keytab, as I've encountered many problems creating it with matching knvo's. Thanks for any help.
 
Old 05-12-2007, 05:29 PM   #2
hob
Senior Member
 
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
I guess that it depends on the reason that you chose to use Windows as the KDC. If it's for compatibility with Windows clients then it's probably best to go the Samba route - running a Winbind service on the Linux boxes to talk to the Windows DC with Kerberos etc., and then export the necessary directories as Samba file shares.
 
Old 05-13-2007, 12:46 AM   #3
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Original Poster
Rep: Reputation: 15
To clarify the situation, these 3 machines exist in a Windows-centric environment, with gamma as the primary DC. The shares on delta will only be mounted on the Linux clients, so I prefer to use OpenAFS or NFSv4. However, I still want the users to be authenticated via the KDC (preferably by getting a forwardable ticket). After delta receives the ticket, it should verify that the credentials match those for that particular share. With that cleared up, can anyone point me in the right direction?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NFSver4 with Kerberos Authentication lakshminarayan Linux - Security 0 08-16-2006 06:20 AM
Kerberos Authentication in SUSE 10.1 paranoid_buddha Suse/Novell 1 06-13-2006 12:28 PM
Kerberos Authentication Comatose51 Linux - Security 2 08-30-2005 07:44 AM
Kerberos Authentication cwinter00 Linux - Security 1 06-16-2005 01:56 PM
Authentication via Kerberos grubjo Linux - Security 0 07-30-2004 12:48 PM


All times are GMT -5. The time now is 01:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration