The steps below have been tested on Debian Squeeze using MIT 1.10 (from testing), as described in the [[Debian guide|configuringdebian]].
+## Install NFSv4 client/server and export a directory using standard Kerberos authentication
+Make sure you can mount the filesystem with something like:
+
+ # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt
+
## Remove the dependency on libgssglue
$ apt-get source librpcsecgss
$ cd librpcsecgss-0.19
$ debuild -us -uc
# dpkg -i ../librpcsecgss*deb
+The librpcsecgss.patch mentioned above is [[here|librpcsecgss.patch]]
+
+
## Install kernel that supports strong encryption (i.e. >= 2.6.35)
# apt-get install -t testing linux-image-amd64
+ # reboot
+
+## Build nfs-utils
+ $ git clone https://github.com/kouril/nfs-utils.git
+ $ cd nfs-utils
+ $ ./autogen.sh
+ $ ./configure GSSGLUE_CFLAGS=-I. GSSGLUE_LIBS=-lgssapi_krb5
+ $ make
+ # utils/gssd/gssd -n
+ # utils/gssd/svcgssd -n
+
+## Configure identity mapping
+Edit /etc/idmapd.conf specifying:
+
+ Domain = ics.muni.cz
+ ....
+
+ [Translation]
+ Method = static
+
+ [Static]
+ kouril@ics.muni.cz = kouril
+
+Restart the idmapd
+
+## Mount the exported directory:
+Standard mount and other tools should be enough to
+ # mount -t nfs4 -o sec=krb5 moonshot.ics.muni.cz:/ /mnt
+Each user accessing the /mnt mount point must have their $HOME/.gss_eap_id properly populated, otherwise they will only be provided with anonymous access.
projects / devwiki.git / blobdiff