How do I configure NFS4 with Kerberos in a clustered environment?
Issue
We wish to provide a secure and resilient NFS service using NFSv4 with Kerberos. We need to be able to access a fail-over IP address/hostname from our clients.
Server-side Kerberos authentication for NFS is implemented by rpc.svcgssd on RHEL. However, the version in nfs-utils on RHEL 5.6 will only use an NFS service principal of nfs/hostname. We need to use an NFS service principal of nfs/failover-hostname, so that a client sees a transparent service during a fail-over.
Although we can fail over the service, a client must connect using the hostname of the cluster node (Virtual IP address). NFS/Kerberos will not use the failover NFS service principal.
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- NFS service configured on a cluster
- Kerberos (gss/krb5)
