Setting Up Root Authentication to Mount NFS File Systems

If users want to access a non-Kerberized NFS file system, either the NFS file system can be mounted as root, or the file system can be accessed automatically through the automounter whenever they access it (without requiring root permissions).

Mounting a Kerberized NFS file system is very much the same, but it does incur an additional obstacle. To mount a Kerberized NFS file system, users must use the kinit command as root to obtain credentials for the client's root principal, because a client's root principal is typically not in the client's keytab. This is true even when the automounter is set up. Not only is this an extra step, but it forces all users to know their system's root password and the root principal's password.

To bypass this, you can add a client's root principal to the client's keytab, which will automatically provide credentials for root. Although this enables users to mount NFS file systems without running the kinit command and enhances ease-of-use, it is a security risk. For example, if someone gains access to a system with the root principal in its keytab, the person has the capability of obtaining credentials for root. So make sure you take the appropriate security precautions. See "Administering Keytabs" for more information.