27.6 NFS with Kerberos
To use Kerberos authentication for NFS, GSS security must be enabled. To
do so, select in the initial
YaST dialog. Note, that you must have a working Kerberos server to use
this feature. YaST does not set up the server but only uses the
provided functionality. If you want to use Kerberos authentication, in
addition to the YaST configuration, complete at least the following
steps before running the NFS configuration:
-
Make sure that both, the server and the client are in the same Kerberos
domain. This means that they access the same KDC (Key Distribution
Center) server and share their krb5.keytab file
(the default location on any machine is
/etc/krb5.keytab).
-
Start the gssd service on the client with rcgssd
start.
-
Start the svcgssd service on the server with rcsvcgssd
start.
For further information about configuring kerberized NFS, refer to the
links in Section 27.7, For More Information.