Note:Oracle objects exported through OFS server can be accessed by NFS clients by mounting them on the client machines
Prerequisites to Access Storage Through NFS Server
The prerequisites to access storage through NFS server are as follows:
DBFS file system must be created before using OFS.
You should be able to mount the file systems exported by the database.
NFS server must be configured with
KERNELmodule is supported through
FUSEdriver for Linux.
Starting from Oracle Database 12c Release 2 (184.108.40.206), OFS will use the OS authentication model to authorize NFS client users. If the user is accessing a local node (where the Oracle instance is running), the access to each file in the file system is controlled through Unix Access Control List set for each object. On Linux, OFS uses FUSE to receive file system requests from the OS kernel or NFS client. This requires
user_allow_other parameter to be set in
/etc/fuse.conf configuration file if an OS user other than the
root user and oracle user need to access the file system.
Note:Users can also be configured with an Oracle password to log into Oracle client tools like
SQL* Plusto execute SQL's.
If the network is not secure, the customer is advised to setup Kerberos to authenticate the user using OS NFS.
The Kerberos authentication is available from NFS version 4 onwards. If the OFS is exported via NFS version 3, the authentication is performed using
For local node, the authentication is performed using
AUTH_SYSirrespective of how the OFS is exported (NFS version 3 or NFS version 4).
This section contains the following topic:
Kerberos is the widely used security mechanism that provides all three flavors of security:
Kerberos uses encryption technology, Key Distribution Center(KDC), and an arbitrator to perform secure authentication on open networks. Kerberos Infrastructure consists of Kerberos software, secured authentication servers, centralized account and password store, and systems configured to authenticate through the Kerberos protocol. The OS NFS server handles the complete authentication and integrity checks by using kerberos principal name as the user name. Once the authentication is performed, the requests passed to the Oracle kernel are handled based on the user name passed through the VFS I/O request.
Configuring Kerberos Server in Linux
The steps to configure Kerberos server in a Linux system is as follows:
Install Kerberos software in the Linux system.
Check if the daemons are running using the following commands.
# /sbin/chkconfig krb5kdc on # /sbin/chkconfig kadmin on
If the daemons are not running use the following commands to start the daemons manually:
# /etc/rc.d/init.d/krb5kdc start # /etc/rc.d/init.d/kadmin start
Add user principal using the
kadmin.local: addprinc <scott>