[ Pobierz całość w formacie PDF ]

NOTE
Only DES keys are supported on Red Hat Enterprise Linux 5.
If this command is run on a different machine:
a. Save the keytab to a temporary file. For example:
... -k /tmp/nfs.keytab
b. Copy the keytabs over to the NFS machine.
c. Set the file permissions to 0700.
d. On the NFS host machine, add the service key to the keytab file.
37
Red Hat Enterprise Linux 5 Configuring Identity Management
# ( echo rkt /root/nfs-client.keytab; echo wkt /etc/krb5.keytab)
|ktutil
2. Edit the krb5.conf file to allow weak crypto. This is required for every client if any client in the
domain will use older encryption options like DES.
# vim /etc/krb5.conf
allow_weak_crypto = true
3. Edit the NFS common configuration to enable client-side secure NFS, by uncommenting the
SECURE_NFS line.
# vim /etc/sysconfig/nfs
SECURE_NFS="yes"
4. If the NFS server and client are in different DNS domains, then configure the NFS domain. The
idmapd.conf must be the same on the NFS client as it is on the NFS server.
# vim /etc/idmapd.conf
Domain = example.com
5. Start the GSS daemon.
# service rpc.gssd start
6. Mount the directory.
# echo "$NFSSERVER:/this /mnt/this nfs4 sec=krb5i,rw,proto=tcp,port=2049"
>>/etc/fstab
# mount -av
Index
K
Kerberos
- separate credentials cache, Caching User Kerberos Tickets
L
logging in
- separate credentials cache, Caching User Kerberos Tickets
P
port forwarding
- for the UI, Using the UI with Proxy Servers
38
Index
proxy servers
- for the UI, Using the UI with Proxy Servers
U
users
- separate credentials cache, Caching User Kerberos Tickets
W
web UI
- port forwarding, Using the UI with Proxy Servers
- proxy servers, Using the UI with Proxy Servers
39 [ Pobierz całość w formacie PDF ]

zanotowane.pl

doc.pisz.pl

pdf.pisz.pl

michalrzlso.keep.pl