NFS4 + Kerberos: how does server know username

BASHCuresCancer · 10-24-2012, 05:01 PM

As far as I can tell, to mount a NFS4 mount with kerberos, the only thing that is needed is one principal:

nfs/HOSTNAME@REALM

How does the NFS server know the username/uid of the individual users? The AUTH_SYSTEM mechanism of NFS passes the uid on the request to the NFS server.

acid_kewpie · 10-25-2012, 06:44 AM

the user session will already have a kerberos ticket, so that is passed to the server.

mikey99 · 10-26-2012, 04:27 AM

...plus, you will not be using AUTH_SYS for kerberos authentication. You will be using RPCSEC_GSS
instead, forcing the clients to mount using the sec=krb5 mount option.

Mike.

BASHCuresCancer · 10-26-2012, 09:25 AM

I agree that the users ticket will be passed to the server. How does the server then find the principal name? via the kerberos server? In wireshark I don't see the principal name with the ticket.