How to Set Up a Secure NFS Environment With KERB Authentication
-
Edit the /etc/dfs/dfstab file and add the sec=krb4 option to the appropriate entries.
# share -F nfs -o sec=krb4 /export/home
-
Edit the
auto_masterdata to include sec=krb4 as a mount option.
/home auto_home -nosuid,sec=krb4
Note -With 2.5 and earlier Solaris releases, if a client does not mount as secure a file system that is shared as secure, users have access as user nobody, rather than as themselves. With Version 2 on later releases, the NFS server refuses access if the security modes do not match, unless -sec=none is included on the share command line. With version 3, the mode is inherited from the NFS server, so there is no need for the clients to specify -sec=krb4 or -sec=dh. The users have access to the files as themselves.
- © 2010, Oracle Corporation and/or its affiliates