Table of Contents
Advertisement
Configuring Services
Configuring Kerberos Realms for NFS
Configuring a Kerberos realm creates certain service principals and adds the necessary keys to
the system's local keytab. The NTP service must be configured before configuring Kerberized
NFS. The following service principals are created and updated to support Kerberized NFS:
host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
If you clustered your appliances, principals and keys are generated for each cluster node:
host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
nfs/node2.example.com@EXAMPLE.COM
If these principals have already been created, configuring the realm resets the password for each
of those principals.
For information on setting up KDCs and Kerberized clients, see
Administration: Security Services (http://docs.oracle.com/cd/E26502_01/html/E29015/
index.html). After setting NFS properties for Kerberos, change the Security mode on the
Shares->Filesystem->Protocols screen to a mode using Kerberos.
The following ports are used by the appliance for Kerberos.
Kerberos V authentication: 88
■
Kerberos V change and set password SET_CHANGE: 464
■
Kerberos V change and set password RPCSEC_GSS: 749
■
Note -
to an FQDN for those principals. For example, if an appliance is configured with multiple
IP addresses, only the IP address that resolves to the appliance's FQDN can be used by its
Kerberized NFS clients.
NFS Logs and Analytics
These logs are available for the NFS service:
TABLE 51
Log
network-nfs-server:default
appliance-kit-nfsconf:default
240
Oracle ZFS Storage Appliance Administration Guide, Release OS8.6.x • September 2016
Kerberized NFS clients must access the appliance using an IP address that resolves
Logs Available for NFS
Oracle Solaris 11.1
Description
Master NFS server log
Log of appliance NFS configuration events
Advertisement
Table of Contents
