Hi all, I am supposed to create some sort of reliable NFS client authentication. As we are using NFS 3 at the moment, I thought it would be good to implement Kerberos 5 and NFS 4. At this point the only requirement is host-based authentication, however, I verified that NFS4 needs user one as well.
My problem is that we have long running processes on the clients (often span over a week). Example: user1 logs in and submits hundreds of jobs to our processing cluster. The jobs spread over 10 NFS clients , where they crunch data locally. At some point they write and read from the NFS server. If the Kerberos ticket is expired at that time the client won't be able to complete their tasks. That means the Kerberos ticket will need auto-renewal, which IMO kind of defeats the purpose of having authentication. Questions: - how many times I can renew a ticket without issuing new one?; - are there any alternatives for good NFS client host-based authentication?; Any advice of how to approach this would be appreciated! Thanks, George Stoynev
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
