Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 05-12-2007, 01:33 AM   #1
LQ Newbie
Registered: Jul 2005
Posts: 21

Rep: Reputation: 15
File serving through Kerberos authentication

In my network, I have a KDC server running Windows Server 2003 (gamma), a Linux file server (delta), and a Linux client (epsilon) that can successfully retrieve a KRB5 ticket from gamma. At the moment, I'm wondering what file system I should use for the shares on delta. I'm looking primarily at OpenAFS and NFSv4, unless someone can suggest a better solution.

Ideally, when epsilon wants to mount one of delta's shares, it needs to authenticate with gamma first. What should happen is that epsilon's forwardable ticket should be sent to delta, which then checks against gamma. If gamma approves the ticket for the share, delta continues and lets epsilon mount it.

Is what I want to do even possible? If at all possible, I would like to avoid using a keytab, as I've encountered many problems creating it with matching knvo's. Thanks for any help.
Old 05-12-2007, 04:29 PM   #2
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075

Rep: Reputation: 45
I guess that it depends on the reason that you chose to use Windows as the KDC. If it's for compatibility with Windows clients then it's probably best to go the Samba route - running a Winbind service on the Linux boxes to talk to the Windows DC with Kerberos etc., and then export the necessary directories as Samba file shares.
Old 05-12-2007, 11:46 PM   #3
LQ Newbie
Registered: Jul 2005
Posts: 21

Original Poster
Rep: Reputation: 15
To clarify the situation, these 3 machines exist in a Windows-centric environment, with gamma as the primary DC. The shares on delta will only be mounted on the Linux clients, so I prefer to use OpenAFS or NFSv4. However, I still want the users to be authenticated via the KDC (preferably by getting a forwardable ticket). After delta receives the ticket, it should verify that the credentials match those for that particular share. With that cleared up, can anyone point me in the right direction?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
NFSver4 with Kerberos Authentication lakshminarayan Linux - Security 0 08-16-2006 05:20 AM
Kerberos Authentication in SUSE 10.1 paranoid_buddha SUSE / openSUSE 1 06-13-2006 11:28 AM
Kerberos Authentication Comatose51 Linux - Security 2 08-30-2005 06:44 AM
Kerberos Authentication cwinter00 Linux - Security 1 06-16-2005 12:56 PM
Authentication via Kerberos grubjo Linux - Security 0 07-30-2004 11:48 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:34 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration