Operation Manual
28.6 NFS with Kerberos
To use Kerberos authentication for NFS, GSS security must be enabled. To do so, select
Enable GSS Security in the initial YaST NFS Server dialog. You must have a working
Kerberos server to use this feature. YaST does not set up the server but just uses the
provided functionality. If you want to use Kerberos authentication in addition to the
YaST conguration, complete at least the following steps before running the NFS
conguration:
1
Make sure that both the server and the client are in the same Kerberos domain. They
must access the same KDC (Key Distribution Center) server and share their krb5
.keytab le (the default location on any machine is /etc/krb5.keytab). For
more information about Kerberos, see Chapter 6, Network Authentication with Ker-
beros (↑Security Guide).
2
Start the gssd service on the client with rcgssd start.
3
Start the svcgssd service on the server with rcsvcgssd start.
For more information about conguring kerberized NFS, refer to the links in Sec-
tion 28.7, “For More Information” (page 477).
28.7 For More Information
As well as the man pages of exports, nfs, and mount, information about conguring
an NFS server and client is available in /usr/share/doc/packages/nfsidmap/
README. Online documentation can be found at the following Web documents:
•
Find the detailed technical documentation online at SourceForge [http://nfs
.sourceforge.net/].
• For instructions for setting up kerberized NFS, refer to NFS Version 4 Open Source
Reference Implementation [http://www.citi.umich.edu/projects/
nfsv4/linux/krb5-setup.html].
•
If you have questions on NFSv4, refer to the Linux NFSv4 FAQ [http://www
.citi.umich.edu/projects/nfsv4/linux/faq/].
Sharing File Systems with NFS 477