Re: Kerberos to file server

From: Matt Piechota (piechota_at_argolis.org)
Date: 07/31/03

    Date: Wed, 30 Jul 2003 21:29:10 -0400 (EDT)
    To: Michael Collette <metrol@metrol.net>
    
    

    On Wed, 30 Jul 2003, Michael Collette wrote:

    > From what I've read thus far it "seems" that configuring Kerberos
    > between the two is the way to go about this. The handbook talks about
    > setting up a remote login kind of thing, but nothing about how to
    > handle NFS permissions. I also don't quite get how to automate the
    > process of authenticating and mounting upon initial login.
    >
    > Question 1: Am I heading down the right road, or are there other options
    > I should be considering first?

    What you're doing should work just fine. I can't see any difference
    between a netbooted client and a regular PC client.

    > Question 2: If I'm on the correct path where should I look for some kind
    > of a tutorial for the mechanics of getting this to happen?

    NFS doesn't really /do/ permissions, so the easiest (and probably least
    safe) is to export as400:/home to all the clients, and make it
    root-writable to the FreeBSD master server. All the clients would
    individually mount the NFS share from as400 on boot, and since the FreeBSD
    box has root-write, you can manage the files from it. The as400 wouldn't
    even need to know about the users at all (unless as400's nfs has rules
    about uids having to match something in its own password file, which
    isn't standard).

    A safer way would be to use AFS, since it does proper authentication, but
    I have no idea if as400 would make a nice AFS server.

    And this isn't strictly speaking a freebsd-security@ question, for that
    matter. Reply to me directly if you have questions.

    -- 
    Matt Piechota
    
