keytab question in kerberos/ldap + nfs4(home)/autofs

Latest response



I'm trying to setup kerberos/ldap + nfs4(homedir)/autofs in a mixed rhel5 and rhel6 environment. It's working, but I wonder if there is anyway that clients not require a keytab file? It is a lot maintainance work if all clients need a nfs/host.FQDN/REALM keytab.


BR, Wuming 


I believe, it's not possible for an NFS client to authenticate a nfsv4 mount without having a keytab. Infact, the details in the keytab is the credentials the client presents to get access to the share.


This is just a one time task that need to be done on every client. What maintenance over head are you having by this?

The maintenance over head is sysadmin has to create a new keytab everytime they kickstart a client from satellite. I guess I need script some for this. Or can this be done from satellite?


BR, Wuming

You can either deploy a script via kickstart %post section or you can deploy a script from satellite to automate this. You can use "kadmin" and "ktadd" through the script. Please see the respective docs to understand how this can be done without prompting the user for input.

Thanks Sadique! Very good advice!