keytab question in kerberos/ldap + nfs4(home)/autofs

Hi,

I'm trying to set up Kerberos/LDAP + NFSv4 (homedir)/autofs in a mixed RHEL 5 and RHEL 6 environment. It's working, but I wonder if there is any way for clients not to require a keytab file? It is a lot of maintenance work if all clients need a nfs/host.FQDN/REALM keytab.

BR, Wuming

Responses

I believe it's not possible for an NFS client to authenticate an NFSv4 mount without having a keytab. In fact, the details in the keytab are the credentials the client presents to get access to the share.

This is just a one-time task that needs to be done on every client. What maintenance overhead are you having with this?

The maintenance overhead is that the sysadmin has to create a new keytab every time they kickstart a client from Satellite. I guess I need to script something for this. Or can this be done from Satellite?

BR, Wuming

You can either deploy a script via the kickstart %post section or you can deploy a script from Satellite to automate this. You can use "kadmin" and "ktadd" through the script. Please see the respective docs to understand how this can be done without prompting the user for input.

Thanks Sadique! Very good advice!
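
One way to script the kickstart %post suggestion above with non-interactive `kadmin` and `ktadd`, as an added example that is not code from any poster in this thread. The realm, the enrollment principal `enroll/admin`, its keytab path and the function names are assumptions; the script also assumes the KDC's kadm5.acl restricts that principal to nfs/* principals, so a credential staged on a client cannot administer anything else.

```sh
#!/bin/sh
# Added example for a kickstart %post section; not code from the thread.
# Assumed/hypothetical: REALM, ENROLL_PRINC, ENROLL_KT, and a KDC kadm5.acl
# entry that lets ENROLL_PRINC add and extract only nfs/* principals.
LC_ALL=C; export LC_ALL
REALM="${REALM:-EXAMPLE.COM}"                  # constructed realm
ENROLL_PRINC="${ENROLL_PRINC:-enroll/admin}"   # hypothetical limited principal
ENROLL_KT="${ENROLL_KT:-/root/enroll.keytab}"  # hypothetical, staged by kickstart
KEYTAB="${KEYTAB:-/etc/krb5.keytab}"

# Accept only a lowercase dotted hostname, so no spaces, quotes or extra
# kadmin options can reach the -q query string.
valid_fqdn() {
    case "$1" in
        ""|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run one kadmin query with the enrollment keytab; DRY_RUN=1 only prints it.
run_kadmin() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'kadmin -p %s -k -t %s -q "%s"\n' "$ENROLL_PRINC" "$ENROLL_KT" "$1"
    else
        kadmin -p "$ENROLL_PRINC" -k -t "$ENROLL_KT" -q "$1"
    fi
}

enroll_keytab() {
    valid_fqdn "$1" || { echo "refusing hostname: $1" >&2; return 1; }
    princ="nfs/$1@$REALM"
    # addprinc fails harmlessly if the host was kickstarted before;
    # ktadd then issues fresh random keys for the existing principal.
    run_kadmin "addprinc -randkey $princ" || true
    run_kadmin "ktadd -k $KEYTAB $princ" || return 1
    [ -n "${DRY_RUN:-}" ] && return 0
    # Do not rely on kadmin's exit status alone: confirm the keytab entry.
    klist -k "$KEYTAB" | grep -qF "$princ" || return 1
    chmod 600 "$KEYTAB"
    rm -f "$ENROLL_KT"   # do not leave the enrollment credential on the client
}

# In %post: sh enroll.sh --run   (hostname -f is assumed to return the FQDN)
if [ "${1:-}" = "--run" ]; then
    enroll_keytab "$(hostname -f)"
fi
```

Running it with `DRY_RUN=1` prints the two kadmin command lines without contacting the KDC, which is a quick way to check the principal name before putting the script into a kickstart profile.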