
Re: kerberos setup, basic questions




On 1 Jul 2008, at 14:01, Julius wrote:

> Hi,
>
> I would like to use nfs4 with kerberos (nfs4 is tested here), I've read
> the documentation on the homepage and these two howtos:
>
> http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt
> https://help.ubuntu.com/community/NFSv4Howto
>
>
> Some general questions:
>
> 1.
> kadmin -l
> add --random-key host/belgarath.lfs.org
>
> What does "host" mean in this case? The Ubuntu howto uses nfs instead.

"host" is the service part, host is used for rsh (rcp), ssh, telnet,  
sometimes ftp, etc.

For jabber it's xmpp, imap imap, etc. It's protocol defined. For nfs you
should use nfs.

> 2.
> The parameter encrypt in krb5.conf - isn't kerberos all about secure
> authentication, why even allow the possibility to transfer something
> not encrypted?

That's for telnet and ftp; some older versions of telnet defaulted to
integrity only (or cleartext!) for performance reasons. It's no longer
the case.

> 3.
> I've added the principal progger to the kerberos database, if I now run
> mount /tmp/somedir (/tmp/somedir is added in /etc/fstab with options
> sec=krb5,users) as user progger, mount times out.

Any logs?
Does tcpdump/wireshark tell you anything useful?


> kinit progger works from the client and server.

Check with kgetcred nfs/hostname too.

> btw, the 1.0 manual says to create
> /var/heimdal
>
> but heimdal 1.0.1 tries to create its database in:
> /var/lib/heimdal/

thanks, will check on that.

Love