Hi;

My sincere apologies if the questions here are inappropriate.

I am doing a PoC of 4 x Solaris servers.

1 x KDC
1 x NFS Server
1 x NFS Client
1 x DNS Server

It's a self-contained setup. At least it's supposed to be.

The idea is to set up Secure NFS (not in terms of encryption but rather 
just authentication).

So the idea is to securely mount (in terms of access restriction only, 
encryption not required) the NFS exported file system on the NFS Client.

Firstly, Kerberos would properly do the authentication but I am 
wondering whether I would need to set up an LDAP or NIS+ server in the 
above setup to properly demonstrate the access restriction and 
authentication features of Kerberos?

Since only root on the client can mount any file system (let's not talk 
RBAC), wouldn't anybody on the client then be able to access the mount 
point?

If so, would I be relying on UFS file system access restrictions only?

How do I restrict access on the clients to the NFS exported file system 
on the NFS Server through Kerberos? Would an LDAP server be required?

I have been told many times that Kerberos is authentication only and not 
authorization. The question here is whether an LDAP/NIS+ server would be 
required in the above supposedly self-contained setup?

Warmest Regards
Steven Sim


