Can Kerberos keytabs be regenerated without downtime for NFSv4 shares mounted with krb5p privacy mode?


Issue

  • The Microsoft Windows ktpass command is used to generate User Principal Name (UPN) keytabs in Microsoft Active Directory (AD).
  • The generated keytabs are copied from the Windows system where they were deposited, then deployed on the RHEL servers that mount NFS shares with the Kerberos privacy mode option sec=krb5p.

    [root@rhel8 ~]# grep krb5p /etc/fstab
    nfsserver.example.com:/app /mnt/appshare vers=4,sec=krb5p,rw 0 0
    
  • The NFS mount disconnects whenever the UPN password is rotated in AD.

Environment

  • Red Hat Enterprise Linux (RHEL) 8
  • NFSv4
  • Kerberos krb5
  • Microsoft Active Directory
