On Fri, 08 Jun 2018, Zane Zak via FreeIPA-users wrote:
> I know that this is not the ideal list for NFS questions, but I'm not
> sure of a better one.
> I'm exploring NFSv4 with kerberos security, all tied into FreeIPA.
> My question is whether or not the NFSv4 clients need nfs service
> principals. Obviously the NFSv4 server needs both, but the client side
> is where I'm confused.
> Some documentation says the client needs both a host and nfs service
> principal:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/...
> Other documentation says the client needs just a host principal:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
> Any clarification would be appreciated.
You don't need more than host/... principal on the client side.
You can check rpc.gssd manual page. It says:
------------------------------------------------------------------------
rpc.gssd searches in the following order for a principal to use.
The first matching credential is used. For the search,
<hostname> and <REALM> are replaced with the local system's
hostname and Kerberos realm.
<HOSTNAME>$@<REALM>
root/<hostname>@<REALM>
nfs/<hostname>@<REALM>
host/<hostname>@<REALM>
root/<anyname>@<REALM>
nfs/<anyname>@<REALM>
host/<anyname>@<REALM>
The <anyname> entries match on the service name and realm, but
ignore the hostname. These can be used if a principal matching
the local host's name is not found.
Note that the first principal in the search order is a user
principal that enables Kerberized NFS when the local system is
joined to an Active Directory domain using Samba. A
password for this principal must be provided in the local system's keytab.
--------------------------------------------------------------------------------
The documentation links you point to are for two different versions of
RHEL. RHEL7 documentation basically corresponds to rpc.gssd man page.
The older documentation wasn't updated.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
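
The search order from the rpc.gssd man page excerpt quoted in the reply above, applied to a client keytab. This is an added example, not part of the original message and not rpc.gssd's own code. The hostnames, realm and keytab contents are constructed, and treating `<HOSTNAME>` as the uppercased hostname argument is an assumption.

```python
# Added illustration of the rpc.gssd(8) search order quoted above; not rpc.gssd's code.
SERVICES = ("root", "nfs", "host")  # service order from the man page excerpt


def parse_principal(principal):
    """Split 'svc/host@REALM' or 'name@REALM' into (service, host, realm)."""
    name, _, realm = principal.rpartition("@")
    service, sep, host = name.partition("/")
    return (service, host if sep else None, realm)


def select_principal(keytab_principals, hostname, realm):
    """Return (principal, rule) for the first match in search order, or None."""
    parsed = [(p, parse_principal(p)) for p in keytab_principals]

    # 1. <HOSTNAME>$@<REALM>: machine account (AD join via Samba).
    #    Assumption: <HOSTNAME> is the hostname argument uppercased.
    machine = f"{hostname.upper()}$@{realm}"
    if machine in keytab_principals:
        return machine, "<HOSTNAME>$@<REALM>"

    # 2-4. root/, nfs/, host/ for the local hostname, in that order.
    for svc in SERVICES:
        exact = f"{svc}/{hostname}@{realm}"
        if exact in keytab_principals:
            return exact, f"{svc}/<hostname>@<REALM>"

    # 5-7. Same services, any hostname, same realm.
    for svc in SERVICES:
        for principal, (p_svc, p_host, p_realm) in parsed:
            if p_svc == svc and p_host is not None and p_realm == realm:
                return principal, f"{svc}/<anyname>@<REALM>"
    return None


# Constructed keytab contents (as `klist -k` would list them); names are made up.
CLIENT_HOST_ONLY = ["host/client1.example.test@EXAMPLE.TEST"]
CLIENT_WITH_NFS = ["host/client1.example.test@EXAMPLE.TEST",
                   "nfs/client1.example.test@EXAMPLE.TEST"]
CLIENT_FOREIGN = ["host/other.example.test@EXAMPLE.TEST",
                  "nfs/other.example.test@EXAMPLE.TEST"]

if __name__ == "__main__":
    for label, keytab in [("host only", CLIENT_HOST_ONLY),
                          ("host + nfs", CLIENT_WITH_NFS),
                          ("other host's keys", CLIENT_FOREIGN)]:
        print(label, "->", select_principal(keytab, "client1.example.test", "EXAMPLE.TEST"))
```

With only a host/ entry in the keytab the function still returns a usable credential, which is the point of the reply; an nfs/ entry, when present, is picked first only because it sits earlier in the order.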