1 # Using NFSv4 with Moonshot
3 The steps below have been tested on Debian Squeeze using MIT 1.10 (from testing), as described in the [[Debian guide|configuringdebian]].
5 ## Install NFSv4 client/server and export a directory using standard Kerberos authentication
6 Make sure you can mount the filesystem with something like:
8 # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt
10 ## Remove the dependency on libgssglue
11 $ apt-get source librpcsecgss
12 $ cd librpcsecgss-0.19
13 $ patch -p0 < librpcsecgss.patch
15 # dpkg -i ../librpcsecgss*deb
17 The librpcsecgss.patch mentioned above is [[here|librpcsecgss.patch]]
20 ## Install kernel that supports strong encryption (i.e. >= 2.6.35)
21 # apt-get install -t testing linux-image-amd64
25 $ git clone https://github.com/kouril/nfs-utils.git
28 $ ./configure GSSGLUE_CFLAGS=-I. GSSGLUE_LIBS=-lgssapi_krb5
31 # utils/gssd/svcgssd -n
33 ## Configure identity mapping
34 Edit /etc/idmapd.conf specifying:
43 kouril@ics.muni.cz = kouril
47 ## Mount the exported directory:
48 Standard mount and other tools should be enough to
50 # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt
52 Each user accessing the /mnt mount point must have their $HOME/.gss_eap_id properly populated, otherwise they will only be provided with anonymous access.