Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.x ... » Oracle^® ZFS Storage Appliance ... » Appliance Services » Configuring Services » NFS Configuration » Configuring Kerberos Realms for NFS

Updated: November 2018

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Document Information

About Oracle ZFS Storage Appliance

Configuring the Appliance

Appliance Services

Managing Services

Configuring Services

Active Directory Configuration

Joining an AD Domain (BUI)

Joining an AD Workgroup (BUI)

Configuring Active Directory (CLI)

Active Directory Join Domain

Active Directory Domains and Workgroups

Active Directory Windows Server Support

DNS Configuration

Configuring DNS (BUI)

Configuring DNS (CLI)

Testing Hostname Resolution (CLI)

Adding a DNS Server (BUI)

Adding a DNS Server (CLI)

Viewing DNS Server Status (BUI)

Viewing DNS Server Status (CLI)

DNS Properties and Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

Dynamic Routing Configuration

FTP Configuration

Adding FTP Access to a Share (BUI)

HTTP Configuration

Adding HTTP Access to a Share (BUI)

HTTP Properties and Logs

HTTP Authentication and Access Control

Object Store Configuration

HTTPS Configuration

HTTPS Properties and Logs

Identity Mapping Configuration

Configuring Identity Mapping (BUI)

Configuring Identity Mapping (CLI)

Creating a Mapping Rule (BUI)

Creating a Mapping Rule (CLI)

Viewing a Mapping (BUI)

Flushing Mappings from the Cache (BUI)

Flushing Mappings from the Cache (CLI)

Identity Mapping Best Practices

Identity Mapping Concepts

Cached and Ephemeral Mappings

Identity Mapping Case Sensitivity

Mapping Rule Directional Symbols

IPMP Configuration

iSCSI Configuration

Kerberos Configuration

Creating a Kerberos Realm (BUI)

Creating a Kerberos Realm (CLI)

Importing Kerberos Keys (BUI)

Importing Kerberos Keys (CLI)

Creating Kerberos Principals and Keys (BUI)

Creating Kerberos Principals and Keys (CLI)

Deleting Kerberos Principals and Keys (BUI)

Deleting Kerberos Principals and Keys (CLI)

Destroying a Kerberos Realm (BUI)

Destroying a Kerberos Realm (CLI)

Kerberos Service Properties

Kerberos Properties and Logs

LDAP Configuration

Adding an Appliance Administrator (BUI)

Setting Properties with Multiple Attribute Value Pairs (CLI)

Configuring LDAP Security Settings (BUI)

Configuring LDAP Security Settings (CLI)

Monitoring LDAP Server Status (BUI)

Monitoring LDAP Server Status (CLI)

LDAP Properties

LDAP Custom Mappings

NDMP Configuration

NDMP Local vs. Remote Configurations

NDMP Backup Formats and Types

NDMP Backup with Types dump and tar

NDMP Backup with Type zfs

NDMP Incremental Backups

Replica Backups

NDMP Properties and Logs

NFS Configuration

NFS Service Properties

Configuring Kerberos Realms for NFS

NFS Logs and Analytics

NFS Naming Service Dependencies

Sharing a Filesystem Over NFS

NIS Configuration

Adding an Appliance Administrator from NIS (BUI)

NIS Properties and Logs

NTP Configuration

Setting Clock Synchronization (BUI)

Configuring NTP (CLI)

Phone Home Configuration

Registering the Appliance (BUI)

Registering the Appliance (CLI)

Changing Account Information (BUI)

Phone Home Properties

RESTful API Configuration

Service Tags Configuration

SFTP Configuration

Adding SFTP Access to a Share (BUI)

Configuring SFTP for Remote Access (CLI)

SFTP Properties, Ports, and Logs

Shadow Migration Configuration

SMB Configuration

SMB Service Properties

Setting Properties to Export Shares over SMB

NFS/SMB Interoperability

SMB DFS Namespaces

SMB Microsoft Stand-alone DFS Namespace Management Tools Support Matrix

Adding DFS Namespaces to a Local SMB Group

Adding SMB Autohome Rules (CLI)

Adding a User to an SMB Local Group

SMB MMC Integration

SMB Share Management

SMB Users, Groups, and Connections

Listing SMB Services

Configuring SMB (BUI)

Configuring SMB Active Directory (BUI)

Configuring SMB Project and Share (BUI)

Configuring SMB Data Service (BUI)

SMTP Configuration

SNMP Configuration

Configuring SNMP to Serve Appliance Status (BUI)

Configuring SNMP to Send Traps (BUI)

SNMP Properties

SRP Configuration

SSH Configuration

Disabling root SSH Access (CLI)

SSH Properties and Logs

Syslog Configuration

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

SYSLOG Message Format

SYSLOG Alert Message Format

Example Configuring an Oracle Solaris Receiver (CLI)

Example Configuring a Linux Receiver (CLI)

System Identity Configuration

System Identity Properties and Logs

TFTP Configuration

Adding TFTP Access to a Share (BUI)

Virus Scan Configuration

Configuring Virus Scanning for a Share (BUI)

Virus Scan Properties and Logs

Virus Scan File Extensions

Scanning Engines

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Configuring Kerberos Realms for NFS

Configuring a Kerberos realm creates certain service principals and adds the necessary keys to the system's local keytab. The NTP service must be configured before configuring Kerberized NFS. The following service principals are created and updated to support Kerberized NFS:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM

If you clustered your appliances, principals and keys are generated for each cluster node:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
nfs/node2.example.com@EXAMPLE.COM

If these principals have already been created, configuring the realm resets the password for each of those principals.

For information on setting up KDCs and Kerberized clients, see Oracle Solaris 11.1 Administration: Security Services (http://docs.oracle.com/cd/E26502_01/html/E29015/index.html). For information about the appliance Kerberos service, see Kerberos Configuration. After configuring Kerberos, change the Security mode on the Shares->Filesystem->Protocols screen to a mode using Kerberos.

Note - Kerberized NFS clients must access the appliance using an IP address that resolves to an FQDN for those principals. For example, if an appliance is configured with multiple IP addresses, only the IP address that resolves to the appliance's FQDN can be used by its Kerberized NFS clients.

Copyright © 2009, 2018, Oracle and/or its affiliates. All rights reserved.