System Administration Guide, Volume 2

How to Configure SEAM NFS Servers

This procedure requires that the master KDC has been configured. To fully test the process, you need several clients. The following configuration parameters are used:

  1. Prerequisites for configuring a SEAM NFS server.

    The SEAM client software must be installed.

  2. (Optional) Install NTP client or other clock synchronization mechanism.

    See "Synchronizing Clocks Between KDCs and SEAM Clients" for information about NTP.

  3. Add new principals.

    Using the administration tool provided with your KDC, add new principals for the NFS server.

    1. Create the server's NFS service principal.

      Create a principal named: nfs/denver.acme.com.

    2. (Optional) Create a root principal for the NFS server.

      Create a principal named: root/denver.acme.com.

    3. Add the server's NFS service principal to the server's keytab.

      Make sure that the nfs/denver.acme.com principal is included in the keytab file.

  4. Create the gsscred table.

    See "How to Create a Credential Table" for more information.

  5. Share the NFS file system using Kerberos security modes.

    See "How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes" for more information.

  6. On each client, authenticate both the user and root principals.
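
An added example, not part of the original guide: one way to confirm the check in step 3 (that nfs/denver.acme.com is in the server's keytab) by parsing a keytab image directly. It assumes the keytab uses the MIT Kerberos version 0x0502 file layout; the realm ACME.COM, the host principal and the all-zero keys in the sample are constructed for illustration.

```python
import struct

def _counted(b):
    return struct.pack(">H", len(b)) + b

def build_entry(realm, components, kvno, enctype=18, key=bytes(32)):
    """Serialize one keytab entry; used only to construct the sample below."""
    body = struct.pack(">H", len(components)) + _counted(realm.encode())
    body += b"".join(_counted(c.encode()) for c in components)
    body += struct.pack(">IIB", 1, 0, kvno)        # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", enctype) + _counted(key)
    return struct.pack(">i", len(body)) + body

def keytab_principals(data):
    """Return [(principal, kvno, enctype)] for every live entry in a keytab image."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, found = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                              # zero length: no more entries
            break
        if size < 0:                               # deleted slot: skip its bytes
            pos += -size
            continue
        entry = data[pos:pos + size]
        if len(entry) < size:
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        off, parts = 2, []
        for _ in range(ncomp + 1):                 # realm first, then name components
            (n,) = struct.unpack_from(">H", entry, off)
            parts.append(entry[off + 2:off + 2 + n].decode())
            off += 2 + n
        kvno = entry[off + 8]                      # skip name type and timestamp
        (enctype,) = struct.unpack_from(">H", entry, off + 9)
        found.append(("/".join(parts[1:]) + "@" + parts[0], kvno, enctype))
        pos += size
    return found

def has_principal(data, principal):
    return any(name == principal for name, _, _ in keytab_principals(data))

# Constructed sample: realm ACME.COM and the all-zero keys are made up for illustration.
SAMPLE = (b"\x05\x02" + build_entry("ACME.COM", ["host", "denver.acme.com"], 3)
          + struct.pack(">i", -8) + bytes(8)       # a deleted slot
          + build_entry("ACME.COM", ["nfs", "denver.acme.com"], 3))

if __name__ == "__main__":
    print(keytab_principals(SAMPLE))
    print("nfs key present:", has_principal(SAMPLE, "nfs/denver.acme.com@ACME.COM"))
```

On a live server, klist -k lists the same principals; a script like this is useful when the check has to be automated across many hosts.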