How to Set Up a Secure NFS Environment With KERB Authentication
-
Edit the /etc/dfs/dfstab file and add the -sec=krb4 option to the appropriate entries.
# share -F nfs -o sec=krb4 /export/home
-
Edit the
auto_masterdata to include -sec=krb4 as a mount option.
/home auto_home -nosuid,sec=krb4
Note -With Solaris 2.5 and earlier releases, if a client does not mount as secure a file system that is shared as secure, users have access as user nobody, rather than as themselves. With Version 2 on the Solaris 2.6 release, the NFS server will refuse access if the security modes do not match, unless -sec=none is included on the share command line. With version 3, the mode will be inherited from the NFS server, so there is no need for the clients to specify -sec=krb4 or -sec=dh. The users will have access to the files as themselves.
- © 2010, Oracle Corporation and/or its affiliates