Latest revision as of 16:05, 12 December 2008

In general, the following order of installation should be followed. The NFS and LDAP installation steps could be reversed if desired. Kerberos should be configured prior to both the NFS and LDAP installation instructions below depend on Kerberos, particularly to test that they are working properly. The system configuration instructions depends on all three servers and should be completed last.

• Host System Install and Setup
• DNS Install and Setup
• Kerberos Install and Setup
• LDAP Install and Setup
• NFSv4 Install and Setup
• Host System Post Configuration

Helpful Links

Links that are helpful in setting up Kerberos, NFSv4, LDAP:

• Kerberos v5 Administrator's Guide
• OpenLDAP Administrator's Guide
• Ubunto NFSv4 HowTo
• HowTo for Kerberos, NFS, LDAP
• Replace NIS with Kerberos & LDAP
• Kerberized NFSv4 Setup Tutorial by Aime Le Rouzic
• NFSv4 FAQ
• IETF NFSv4 Working Group

Misc Notes/FAQ

Notable from http://www.citi.umich.edu/projects/nfsv4/linux/faq/ :

• I am accessing an NFSv4 mount via Kerberos as root. Why isn't it using the credentials I got via kinit?
  • ALL accesses as root on a Linux client (uid=0) currently use the machine credentials, not any credentials obtained via kinit. We plan to change this behavior when moving to use the new key ring kernel support to store credentials and contexts.

• I am accessing an NFSv4 mount via Kerberos and then I do a kdestroy, but I am still able to access the NFS data. Why?
  • The kernel code caches the gssapi context that was negotiated using the Kerberos credentials. Destroying the credentials does not destroy the context in the kernel. We plan to change this behavior when moving to use the new key ring kernel support to store credentials and contexts.

• I keep hearing about this key ring support, when will it be ready?
  • We're working on it! The plan is to have it working ASAP.