I'm looking at implementing Kerberos-authenticated NFSv4 mounting of home directories on some Linux machines I look after. It's complicated both by my not really knowing very much about Kerberos and by my not having control over the NFS server or KDC; I have to get other people to do those bits.
I have the Linux machines set up so that users are authenticated with Kerberos, and I'm wondering: can I use the user's ticket for authenticating to the NFS server to mount their home directory when they log in?
Every guide I've found talks about creating principals for every client and adding stuff to the krb5.keytab on each client. Making a separate principal for every client seems like it's going to be a real pain. Not just generating stuff for and distributing to all the machines that are already set up, but having to create one every time a new machine is set up. (I need the setup of each new machine to be almost monkey-can-do-it simple.) The Ubuntu guide to NFSv4 at
https://help.ubuntu.com/community/NFSv4Howto says, in bold, "...the server gives access to users with a valid kerberos ticket only." Users. Not clients, users. Yet when I read the rest of the guide to setting up NFS with Kerberos, it seems to be describing a setup where the server grants access to clients with a valid ticket, not users.