[EMAIL PROTECTED] (Alok Gore) wrote in message news:<[EMAIL PROTECTED]>...
> But I have a confusion! By looking at the principals you can not
> distinguish between the principal for a service and a principal for a
> user. Does it matter?

No. A user principal can be used for a service, and vice versa.

> Apologies for the naive questions - I'm new to Kerberos.
>
> I was looking at a thread which is about using kerberos 4 for NFS client
> server communication on Solaris.
> (Refer to:
> http://groups.google.com/groups?selm=rns.812460270%40deakin.edu.au&oe=UTF-8&output=gplain)
> I know that this discussion does not fully apply to me because I am
> using krb5 and RPCSEC_GSS mechanisms, but some things may be similar.
>
> Mainly I was able to see these *cookbook* tips for setting it up

NFS over Kerberos V4 is obsolete technology.

> * must run "kerbd" process on both NFS client and NFS server
> * must be running a Kerberos *V4* server
> * export the filesystem with kerberos authentication enabled:
> * obtain "root.client" ticket-granting ticket on the client:
>     client# kinit root.client
> * mount the filesystem on the client, with the kerberos option:
>     client# mount -o rw,kerberos server:/export/xxx /mnt
>
> The above mount command will obtain an "nfs.server" service ticket
> from the kerberos server. You can verify this with "klist".
>
> I am worried about two things:
> 1) I don't have anything like the "kerbd" that is mentioned here.

No, you have gssd which does the same thing.

> 2) I am not getting the nfs/server-hostname ticket after doing a
> mount.

If you put root/<client-name> into your keytab things should work. Or do a kinit. What does klist show after the mount?

You should follow the SEAM configuration instructions on docs.sun.com.

Are you using DNS? Do you have DNS running on your NFS client and server? And on your KDC? Do your root/ and nfs/ principals have fully qualified domain names in them? E.g. root/alok.rediffmail. It might help if you use real names of clients and servers in your examples.

You might also try to use the SEAM KDC, get that working, before using the MIT KDC. Since you are new to Kerberos, it might be best if you use Sun's code everywhere until you get things working.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
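The keytab questions raised in the reply above (is there a root/ entry, and do the root/ and nfs/ principals carry fully qualified host names) can be checked mechanically. This is an added example, not part of the original message: it assumes input in the two-column layout printed by `klist -k` (KVNO, then principal), and the function name, host names, realm and keytab path are constructed placeholders.

```shell
#!/bin/sh
# Added example: check a keytab listing for the primaries given as arguments.
# Reads text in the layout of `klist -k` on stdin; exits non-zero on a problem.
check_keytab_principals() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        # Data lines start with a numeric KVNO; header and ruler lines do not.
        $1 ~ /^[0-9]+$/ && index($2, "/") {
            split($2, at, "@")         # at[1] = primary/instance
            split(at[1], part, "/")    # part[1] = primary, part[2] = host
            if (!(part[1] in need)) next
            seen[part[1]] = 1
            # A fully qualified name has at least two dot-separated labels.
            if (part[2] ~ /^[^.]+(\.[^.]+)+$/) print "ok       " $2
            else { print "NOT-FQDN " $2; bad = 1 }
        }
        END {
            # A required primary with no entry at all is also a failure.
            for (p in need) if (!(p in seen)) { print "MISSING  " p "/<host>"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample listings (hosts, realm and path are placeholders).
sample_good='Keytab name: FILE:/path/to/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 root/client1.example.com@EXAMPLE.COM
   3 nfs/server1.example.com@EXAMPLE.COM'

sample_bad='KVNO Principal
---- ------------------------------------------------
   2 root/client1@EXAMPLE.COM'

printf '%s\n' "$sample_good" | check_keytab_principals root nfs
printf '%s\n' "$sample_bad"  | check_keytab_principals root nfs \
    || echo "keytab needs attention"
```

On a live system the input would come from `klist -k | check_keytab_principals root` on the NFS client and `klist -k | check_keytab_principals nfs` on the server.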
