NFSv4 Kerberos and Local Service Accounts

I am looking for some advice. I have a couple [possibly incorrect] beliefs that seem to be at odds. Firstly, I'd like to start using a more secure method for shared storage between Linux hosts. It seems that NFSv4 with Kerberos is a solid way to achieve this. Secondly, I'm considering shared storage requirements for specific applications for which I would generally create local application/service accounts. The reason I am looking at local application accounts is that I think it makes sense to have a local account in case the external authentication source (e.g. LDAP) may be unavailable.

The issue is that NFSv4 seems to be predicated upon user identities being available from a centralized source available to the NFS server and the clients mounting shares. Local accounts would not exist in such a centralized source.

So I have a couple questions based on this:
1) Is my general belief that service accounts should be local completely incorrect to start?
2) Is NFSv4 the best option for secure shared storage between Linux hosts?
