[29851] in Kerberos
Re: Solaris 10, secure nfs, permission denied
daemon@ATHENA.MIT.EDU (Will Fiveash)
Mon May 19 22:30:48 2008
Date: Mon, 19 May 2008 21:14:06 -0500
From: Will Fiveash <William.Fiveash@sun.com>
To: Borislav_S <borislav.stoichkov@gmail.com>
Message-ID: <20080520021406.GB1244@sun.com>
Mail-Followup-To: Borislav_S <borislav.stoichkov@gmail.com>, kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <042255be-acfe-41ba-86a9-91c13d73f1ba@f36g2000hsa.googlegroups.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, May 19, 2008 at 01:15:48PM -0700, Borislav_S wrote:
>
> According to the log below and your klist output you have not
> performed step 2a from the "How to Access a Kerberos Protected NFS
> File System as the root User" section here
> http://docs.sun.com/app/docs/doc/816-4557/setup-148?a=view. It is also
> listed as an optional step 6b in the "How to Manually Configure a
> Kerberos Client" section on the same page. Hope this is helpful.
> Thanks.
Creating a root principal is not needed for mounting a NFS share
protected by krb. That is only needed if a user wants to access a NFS
sec=krb5* share as root. In general it's better not to have a root
principal unless there is a specific need. Note that Solaris krb will
fall back to automatically acquiring a krb cred via the host/<FQDN>
entry in /etc/krb5/krb5.keytab if it exists when it is determined that a
krb cred is needed by root as is the case when doing a mount of a NFS
sec=krb5* share.
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
