Hey list,

I'm currently setting up Kerberos for my home network. The main motivation was to get secure NFS, and as such I've looked at various guides on how to set it up for that. They (for example, the Arch Wiki[1]) pretty much all tell you to create principals for the host and NFS service for both the NFS server and clients that want to connect.

However, after setting up the NFS server and my Linux PC like this, I tested the whole setup with my MacBook which doesn't have a host principal or any other krb5 configuration yet (it can find the KDC due to DNS), and to my surprise it can both obtain a TGT for my user and afterwards also mount the NFS share.

What purpose does the host principal for clients serve here? I assumed it would be either used to authenticate hosts before they're allowed to obtain a TGT, or authenticate for mounting NFS shares, but clearly that's not the case since it works without. Is it only used so that the network share can be mounted without a user TGT?

Thanks,
Marco

[1]: https://wiki.archlinux.org/title/Kerberos#NFS_security
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos