# Using NFSv4 with Moonshot

The steps below have been tested on Debian Squeeze using MIT 1.10 (from testing), as described in the [[Debian guide|configuringdebian]].

## Install NFSv4 client/server and export a directory using standard Kerberos authentication
Make sure you can mount the filesystem with something like:

    # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt

## Remove the dependency on libgssglue
    $ apt-get source librpcsecgss
    $ cd librpcsecgss-0.19
    $ patch -p0 < librpcsecgss.patch
    $ debuild -us -uc
    # dpkg -i ../librpcsecgss*deb

The librpcsecgss.patch mentioned above is [[here|librpcsecgss.patch]]


## Install kernel that supports strong encryption (i.e. >= 2.6.35)
    # apt-get install -t testing linux-image-amd64
    # reboot

## Build nfs-utils
    $ git clone https://github.com/kouril/nfs-utils.git
    $ cd nfs-utils
    $ ./autogen.sh
    $ ./configure GSSGLUE_CFLAGS=-I. GSSGLUE_LIBS=-lgssapi_krb5
    $ make
    # utils/gssd/gssd -n
    # utils/gssd/svcgssd -n

## Configure identity mapping
Edit /etc/idmapd.conf specifying:

    Domain = ics.muni.cz
    ....

    [Translation]
    Method = static
    
    [Static]
    kouril@ics.muni.cz = kouril

Restart the idmapd

## Mount the exported directory:
Standard mount and other tools should be enough to

    # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt
     
Each user accessing the /mnt mount point must have their $HOME/.gss_eap_id properly populated, otherwise they will only be provided with anonymous access.