Configuring a Kerberos realm creates certain service principals and adds the necessary keys to the system's local keytab. The NTP service must be configured before configuring Kerberized NFS. The following service principals are created and updated to support Kerberized NFS:
host/node1.example.com@EXAMPLE.COM nfs/node1.example.com@EXAMPLE.COM
If you clustered your appliances, principals and keys are generated for each cluster node:
host/node1.example.com@EXAMPLE.COM nfs/node1.example.com@EXAMPLE.COM host/node2.example.com@EXAMPLE.COM nfs/node2.example.com@EXAMPLE.COM
If these principals have already been created, configuring the realm resets the password for each of those principals.
For information on setting up KDCs and Kerberized clients, see Oracle Solaris 11.1 Administration: Security Services (http://docs.oracle.com/cd/E26502_01/html/E29015/index.html). For information about the appliance Kerberos service, see Kerberos Configuration. After configuring Kerberos, change the Security mode on the Shares->Filesystem->Protocols screen to a mode using Kerberos.