Hi folks,
I have a question from my customer about NFS that I can't answer. So I need some help from our NFS "gurus".
Here is the question:
Today we evaluate the possibility to use the NFS service for our Linux systems.
Because not all the Linux servers are in one room, we need enhanced security.
Today we use the System-V security adjustments for the exports:
/vol/proj000 -sec=sys,rw=192.0.16.0/24,root=192.0.16.97
For the Linux systems we must also use Kerberos in parallel to the System-V security.
Question:
Is it possible to use Kerberos and System-V on a Volume/NFS export simultaneously?
Is it possible, on the same Volume/NFS export, to use the IP-Address room (for example 192.0.16.0/24) only with System-V security
and the IP-Address room (for example 192.0.34.0/24) only with Kerberos?
big thanks 4 help
Michael
Kind regards
Michael Olfen
Senior System Engineer
Network Appliance GmbH
Bretonischer Ring 6
D - 85630 Grasbrunn
Tel.: +49-89-900594-104
Mobil: +49-151-12055642
Fax: +49-89-900594-99
molfen@netapp.com
www.netapp.de
From the man page, it appears you can:
sec=sectype[:sectype...]
    Specifies the security types that an NFS client must support to access the file system path. To apply the security types to all types of access, specify the sec= option once. To apply the security types to specific types of access (anonymous, non-super user, read-only, read-write, or root), specify the sec= option at least twice, once before each access type to which it applies (anon, nosuid, ro, rw, or root, respectively).
    Note: You cannot apply the same security type to more than one access type.
    By default, an NFS client must support the sys security type to access a file system path.
At least that's how I read it.
-- Adam Fox adamfox@netapp.com
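
Added example, not part of the original thread and not NetApp code: a small Python model of the rule quoted from the man page (each sec= option governs the access types that follow it), applied to a constructed export line that combines the two networks from the question. It shows which security type each client address would have to use. Assumptions: the candidate line itself, the function names, and that only ro, rw and root with colon-separated IP/CIDR host lists are handled; the line has not been tested on a filer.

```python
import ipaddress

# Constructed candidate line (assumption, untested on a filer): the existing
# sys rule from the question plus a second sec= block for the Kerberos network.
CANDIDATE = ("/vol/proj000 -sec=sys,rw=192.0.16.0/24,root=192.0.16.97,"
             "sec=krb5,rw=192.0.34.0/24")

HOST_LIST_OPTS = {"ro", "rw", "root"}   # access types modelled here


def parse_export(line):
    """Return (path, rules); each rule is (sec_types, access_type, networks)."""
    path, _, opts = line.partition(" -")
    sec_types = ("sys",)                # man page: sys is the default
    rules = []
    for opt in opts.split(","):
        key, _, value = opt.partition("=")
        if key == "sec":
            # A sec= option applies to the access types that follow it,
            # until the next sec= option replaces it.
            sec_types = tuple(value.split(":"))
        elif key in HOST_LIST_OPTS:
            nets = tuple(ipaddress.ip_network(h) for h in value.split(":") if h)
            rules.append((sec_types, key, nets))
        else:
            raise ValueError(f"option not modelled in this example: {opt!r}")
    return path.strip(), rules


def allowed_sec_types(rules, client_ip, access="rw"):
    """Security types under which client_ip is granted the given access."""
    ip = ipaddress.ip_address(client_ip)
    found = set()
    for sec_types, kind, nets in rules:
        # An empty host list means the access type is open to every client.
        if kind == access and (not nets or any(ip in n for n in nets)):
            found.update(sec_types)
    return found


if __name__ == "__main__":
    path, rules = parse_export(CANDIDATE)
    for ip in ("192.0.16.10", "192.0.34.10", "192.0.16.97", "10.0.0.1"):
        print(path, ip,
              "rw:", sorted(allowed_sec_types(rules, ip)),
              "root:", sorted(allowed_sec_types(rules, ip, "root")))
```

An address that comes back with an empty set for every access type is not covered by the line at all, which is a quick way to audit that no network outside the two ranges is left reachable with sys only.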
________________________________
From: Olfen, Michael Sent: Friday, February 22, 2008 8:45 AM To: c-dl-ses; toasters@mathworks.com Cc: Brendle, Andreas Subject: NFS question