Configuring Kerberos Realms for NFS

Configuring a Kerberos realm creates certain service principals and adds the necessary keys to the system's local keytab. The NTP service must be configured before configuring Kerberized NFS. The following service principals are created and updated to support Kerberized NFS:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM

If you clustered your appliances, principals and keys are generated for each cluster node:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
nfs/node2.example.com@EXAMPLE.COM

If these principals have already been created, configuring the realm resets the password for each of those principals.

For information on setting up KDCs and Kerberized clients, see Oracle Solaris documentation, which can be found at https://docs.oracle.com/en/operating-systems/solaris.html. For information about the appliance Kerberos service, see Kerberos Configuration. After configuring Kerberos, change the Security mode on the Shares: Filesystem: Protocols screen to a mode using Kerberos.

Note:

Kerberized NFS clients must access Oracle ZFS Storage Appliance using an IP address that resolves to an FQDN for those principals. For example, if an appliance is configured with multiple IP addresses, only the IP address that resolves to the appliance's FQDN can be used by its Kerberized NFS clients.