[39264] in Kerberos


Re: About the purpose of client host principals for NFS

daemon@ATHENA.MIT.EDU (Simo Sorce)
Mon Oct 9 10:31:05 2023

Message-ID: <39b779680f37010209842b1e68d07aef2fc52d0b.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Marco Rebhan <me@dblsaiko.net>, kerberos@mit.edu
Date: Mon, 09 Oct 2023 10:28:45 -0400
In-Reply-To: <2917780.mvXUDI8C0e@invader>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Sun, 2023-10-08 at 03:03 +0200, Marco Rebhan via Kerberos wrote:
> On Saturday, 7 October 2023 22:15:32 CEST Russ Allbery wrote:
> > [..]
> 
> That clears up a lot, thank you so much!

Keying clients is useful to allow mount at boot time, before any user
with valid credentials has logged in, as well as for NFS 4.0 only (does
not apply to earlier protocol versions nor to 4.1 and later) to do some
callback calls to the server where the protocol does not know what user
to use.

It is not strictly needed, if you use autofs for homes for example you
can live w/o a client service principal.

HTH,
Simo.

-- 
Simo Sorce,
DE @ RHEL Crypto Team,
Red Hat, Inc





________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
