Re: What linux lacks most - a decent remote fs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Neal Becker wrote:
> I used unix/linux for many years.  In the past we've used nfs.  But
> nfsv3 has no (useful) authentication.  Anyone can setup a rogue
> machine and pretend to be any uid/gid.
> 
> I understand that nfsv4 was supposed to fix that.  Looking at the
> docs I could find, it appears I'll never live long enough to
> understand how to set that up, and I haven't yet found the idiot's
> guide to setting up nfsv4 with authentication.

You need to set up a kerberos infrastructure for the authentication to
work properly. Once you do, you'll have the ability to encrypt traffic
as well as authenticating users. But all of your users will have to have
a kerberos principal and all of your machines will also have to have
their host/hostname@REALM principals extracted correctly.

If you don't know kerberos you are heading for a world of pain.

The closest thing to useful docs I can find is:

http://www.freeipa.com/page/ConfiguringRHEL5Client

but the tools used are specific to freeipa.
You would need to set up  a kerberos KDC first, which is documented
elsewhere...

> For now I'm using cifs.  That's pretty sad.
why? If it works...


> I've glanced at afs, but there's no Fedora package.
once again, AIUI afs uses kerberos for this. I have not researched this
much, though.

Regards,

Stuart
--
Stuart Sears RHC*


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux