
List:       linux-nfsv4
Subject:    Re: kerbrized nfs4v host authentication without user kerberos
From:       "J. Bruce Fields" <bfields () fieldses ! org>
Date:       2008-06-24 19:49:10
Message-ID: 20080624194910.GD15786 () fieldses ! org

On Tue, Jun 24, 2008 at 08:15:46PM +0300, Alexander Piavka wrote:
> 
>   Hi,
> 
>   I've set up a kerberized nfsv4 server and clients
> and client hosts can mount the server shares.
> As root I have readonly access on the client, due to root_squash, as it should.
> 
>   But any kind of access from any non-root user from the client ends in permission 
> denied. I have first to authenticate the user with kinit, only after this
> I have both read and write access to the nfs4 share.
> 
>   I was under the impression that I can have kerberized nfs4 mounts 
> without user kerberos authentication. Is it possible for the non 
> kerberos NIS users read/write access to the nfs4 mounted shares?

No, and that's by design.  An nfs server will only grant access as a
given user if the client actually presents credentials for that user.
That means you can allow any client to mount your server without
worrying that someone with root on one of the clients can impersonate
everyone else.

If you really just want to authenticate the client and then permit the
client to do whatever it wants, then you probably want to use nfs with
plain old auth_sys, but on top of something else (an ssh tunnel?
ipsec?) that does the authentication.  I've never tried that myself.

--b.
_______________________________________________
NFSv4 mailing list
NFSv4@linux-nfs.org
http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
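
Added example, not part of the original message or of any NFS implementation: a decoder for the AUTH_SYS credential body (authsys_parms, RFC 5531) showing what a server sees under auth_sys, which is why the reply says the client itself must be authenticated by something else in that setup. The function names, the constructed sample credentials and the anonymous uid 65534 (assumed Linux default for root_squash) are assumptions for illustration.

```python
import struct

ANON_UID = 65534  # assumption: the usual Linux default for squashed root

def pack_authsys(stamp, machine, uid, gid, gids):
    """XDR-encode authsys_parms (RFC 5531) the way a client fills it in."""
    name = machine.encode()
    pad = b"\0" * (-len(name) % 4)          # XDR pads strings to 4 bytes
    out = struct.pack(">II", stamp, len(name)) + name + pad
    out += struct.pack(">III", uid, gid, len(gids))
    return out + b"".join(struct.pack(">I", g) for g in gids)

def parse_authsys(body):
    """Decode authsys_parms as a server would; ValueError if malformed."""
    if len(body) < 8:
        raise ValueError("truncated header")
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename longer than 255 bytes")
    off = 8 + nlen + (-nlen % 4)
    if len(body) < off + 12:
        raise ValueError("truncated before uid/gid")
    machine = body[8:8 + nlen].decode("ascii", "replace")
    uid, gid, ngids = struct.unpack_from(">III", body, off)
    off += 12
    if ngids > 16 or len(body) != off + 4 * ngids:
        raise ValueError("bad supplementary group list")
    gids = [int.from_bytes(body[i:i + 4], "big")
            for i in range(off, len(body), 4)]
    # Every field above is client-asserted: no signature, ticket or MAC.
    return {"stamp": stamp, "machine": machine,
            "uid": uid, "gid": gid, "gids": gids}

def effective_uid(body, root_squash=True):
    """Uid an auth_sys export acts as: the claimed uid, only uid 0 remapped."""
    uid = parse_authsys(body)["uid"]
    return ANON_UID if (root_squash and uid == 0) else uid

# Constructed sample credentials, all as sent by one client host.
SAMPLES = [pack_authsys(0, "client1", u, 100, [100]) for u in (0, 1000, 1001)]

if __name__ == "__main__":
    for cred in SAMPLES:
        print(parse_authsys(cred)["uid"], "->", effective_uid(cred))
```

With Kerberos security the server derives the user from a per-user ticket instead of from this field, which is the behaviour the original poster ran into.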