Labeled NFS/Demo/Manual

From SELinux Wiki

In general, the following order of installation should be followed. The NFS and LDAP installation steps can be reversed if desired. Kerberos should be configured before both, because the NFS and LDAP installation instructions below depend on Kerberos, particularly to test that they are working properly. The system configuration instructions depend on all three servers and should be completed last.


Helpful Links

Links that are helpful in setting up Kerberos, NFSv4, LDAP:

Misc Notes/FAQ

Notable from http://www.citi.umich.edu/projects/nfsv4/linux/faq/ :

  • I am accessing an NFSv4 mount via Kerberos as root. Why isn't it using the credentials I got via kinit?
    • ALL accesses as root on a Linux client (uid=0) currently use the machine credentials, not any credentials obtained via kinit. We plan to change this behavior when moving to use the new key ring kernel support to store credentials and contexts.
  • I am accessing an NFSv4 mount via Kerberos and then I do a kdestroy, but I am still able to access the NFS data. Why?
    • The kernel code caches the gssapi context that was negotiated using the Kerberos credentials. Destroying the credentials does not destroy the context in the kernel. We plan to change this behavior when moving to use the new key ring kernel support to store credentials and contexts.
  • I keep hearing about this key ring support, when will it be ready?
    • We're working on it! The plan is to have it working ASAP.