How to configure Authentication Services to work with Kerberized NFS. By deafult Authentication Services (QAS) does not use older encryption formats for its key tabs and session tickets.
Prepare the NFS keytab with DES keys:
1 - /opt/quest/bin/vastool -u administrator service create nfs/
2 - /opt/quest/bin/vastool -u administrator passwd -re -k /etc/opt/quest/vas/nfs.keytab nfs/
3 - ln -s /etc/opt/quest/vas/nfs.keytab /etc/krb5.keytab
Configure krb5 settings
1 - cd /etc
2 - ln -s /etc/opt/quest/vas/vas.conf /etc/krb5.conf
3 - vi /etc/krb5.conf and set the following:
# default_etypes = arcfour-hmac-md5
fcache_version = 3
# session tickets
default_tkt_enctypes = des-cbc-md5
Support secure nfs (rpcgssd, rpcidmapd)
1 - echo 'SECURE_NFS="yes"' >> /etc/sysconfig/nfs
Configure rpcidmapd for name -> uid/gid -> name mapping
1 - vi /etc/idmapd.conf and set the domain setting domain = <domain.com>
2 - ensure /etc/rc.d/init.d/nfs and /etc/rc.d/init.d/rpcidmapd are started at the next boot
3 - shutdown -r now
NOTE: Setup and configuration for NFS is not supported. For assistance this would require a PSO engagement. These steps may be out of date.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center