[28565] in Kerberos


Re: Problem in access NFSv4 space as the root user when using krb5

daemon@ATHENA.MIT.EDU (Kevin Coffman)
Tue Oct 16 09:35:49 2007

Message-ID: <4d569c330710160635s6925fb35h6b5d39f67cf194f0@mail.gmail.com>
Date: Tue, 16 Oct 2007 09:35:23 -0400
From: "Kevin Coffman" <kwc@citi.umich.edu>
To: "Ido Levy" <IDOL@il.ibm.com>
In-Reply-To: <OF128D22E4.9EF0899A-ONC2257376.0033E3D3-C2257376.0033FE2C@il.ibm.com>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 10/16/07, Ido Levy <IDOL@il.ibm.com> wrote:
>
> Hello All,
>
> We are trying to understand the behavior of a system that supports automount
> by NFSv4 with security flavor krb5.
> We have both Linux and AIX clients, and when logging in to these clients as the
> root user we have noticed that:
>
> 1) From the Linux client, as the "root" user, we are able to access (cd,
> ls, df) the NFSv4 mount point without any Kerberos ticket.
> 2) From the AIX client, as the "root" user without any Kerberos ticket, we
> got a "permission denied" error when trying to cd to the mount point and its
> sub-dirs.
>
> We are using AIX-5.3 as the NFSv4 server and RHEL 5/AIX-5.3 as NFSv4 clients.
> We are wondering what the normal behavior should be in such a scenario.
>
> We would appreciate your advice.

This is more an NFS question than a Kerberos question.  The reason
that access works on Linux is that the current default behavior on
Linux is to always use the machine credentials (the nfs/<hostname>
keytab) on the client for accesses from root.  This behavior can be
disabled, which then requires that root obtain Kerberos credentials
before mounting.

K.C.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
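
The default described in the reply above can be checked on a Linux client. The following is an added example, not part of the original message: it reports whether a running rpc.gssd serves UID 0 with machine credentials. The `-n` option comes from the rpc.gssd(8) man page, not from the email; the function names and the option list passed to `getopts` are assumptions.

```shell
#!/bin/sh
# Added example: classify an rpc.gssd command line by how it treats UID 0.
# Per rpc.gssd(8), -n disables machine credentials for root, so root must
# obtain its own Kerberos ticket before mounting.

# gssd_root_mode ARGS... -> prints "machine-creds" or "ticket-required"
gssd_root_mode() {
    mode="machine-creds"
    OPTIND=1
    # Options that take a value carry ':' so a value such as a keytab path
    # is never mistaken for a flag. The letter list is an assumption based
    # on recent nfs-utils; adjust it to the man page of your version.
    while getopts ":fnvrlMDek:p:d:t:T:R:" opt "$@"; do
        case "$opt" in
            n) mode="ticket-required" ;;
        esac
    done
    echo "$mode"
}

# audit_gssd: apply the check to every running rpc.gssd found in /proc.
# Arguments containing spaces are not handled.
audit_gssd() {
    found=0
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        cmd=$( { tr '\0' ' ' < "$f"; } 2>/dev/null ) || continue
        first=${cmd%% *}
        case "${first##*/}" in
            rpc.gssd) ;;
            *) continue ;;
        esac
        found=1
        # Word splitting of the argument string is intentional here.
        echo "rpc.gssd (${f%/cmdline}): root access uses $(gssd_root_mode ${cmd#* })"
    done
    [ "$found" -eq 1 ] || echo "rpc.gssd is not running on this host"
}

audit_gssd
```

Newer nfs-utils releases may also take this setting from `/etc/nfs.conf`, which this check does not read.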
