How do I configure NFS4 with Kerberos in a clustered environment?

Solution Unverified - Updated -

Issue

We wish to provide a secure and resilient NFS service using NFSv4 with Kerberos. We need to be able to access a fail-over IP address/hostname from our clients.

Server-side Kerberos authentication for NFS is implemented using rpc.svcgssd on RHEL; however, the version in nfs-utils on RHEL 5.6 will only use an NFS service principal of nfs/hostname. We need to use an NFS service principal of nfs/failover-hostname, so that a client sees a transparent service during a fail-over.

Although we can fail over the service, a client must connect using the hostname of the cluster node (Virtual IP address). NFS/Kerberos will not use the failover NFS service principal.

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • NFS service configured on a cluster
  • Kerberos (gss/krb5)
