[TUHS] NFS & Kerberos woes...

Grant Taylor gtaylor at tnetconsulting.net
Thu Dec 27 16:27:21 AEST 2018

On 12/25/18 9:49 PM, Theodore Y. Ts'o wrote:
> Now, I believe you *could* configure in the mapping database 
> that authentication from some Kerberos principal such as 
> "tytso/root at ATHENA.MIT.EDU" or "host/cwcc.mit.edu at ATHENA.MIT.EDU" (you 
> can use service principals from a Kerberos keytab as a client principal 
> for the purposes of machine authentication) should be mapped to uid 0.

Ted, you ultimately pointed me down the proper path.

My first few attempts at implementing what you were suggesting, 
including (re)using the host/client.sub.domain.tld at REALM, didn't work 
out as desired.

After much trial and tribulation, I did manage to get it working using a 
different principal, root/client.sub.domain.tld at REALM.

See my previous reply to my original message for more details.

Thank you again for the very detailed reply Ted.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181226/491826d4/attachment.bin>

More information about the TUHS mailing list