Honest_Abe

CentOS7.4_Kerberized_NFS

May 13th, 2018
  1. Kerberos -
  # kdc.conf on the KDC host (Cent-Pro): daemon-wide defaults first.
  2. [root@Cent-Pro ~]# cat /var/kerberos/krb5kdc/kdc.conf
  3. [kdcdefaults]
  # kdc_ports lists the UDP ports and kdc_tcp_ports the TCP ports the KDC
  # listens on; both are the standard Kerberos port 88 here.
  4.  kdc_ports = 88
  5.  kdc_tcp_ports = 88
  6.  
  # kdc.conf [realms]: per-realm KDC settings for EXAMPLE.EXAM.
  7. [realms]
  8.  EXAMPLE.EXAM = {
  # Enctype of the key that encrypts the KDC database.
  9.   master_key_type = aes256-cts
  # +preauth: newly created principals require pre-authentication, so the KDC
  # does not return key-encrypted AS-REP data to a requester that has not
  # proven knowledge of the key. Principals created before this was set keep
  # their old flags.
  10.   default_principal_flags = +preauth
  # kadmind authorizes administrative requests against this ACL file.
  11.   acl_file = /var/kerberos/krb5kdc/kadm5.acl
  # Words in dict_file are rejected as passwords, but MIT krb5 consults it only
  # for principals that have a password policy attached.
  # NOTE(review): confirm a policy exists and is assigned (kadmin list_policies).
  12.   dict_file = /usr/share/dict/words
  13.   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  # supported_enctypes sets the key/salt types generated for principals created
  # or rekeyed through kadmin.
  # NOTE(review): besides AES and Camellia the list still names 3DES
  # (des3-hmac-sha1), RC4 (arcfour-hmac) and single-DES (des-hmac-sha1,
  # des-cbc-md5, des-cbc-crc), which RFC 6649 and RFC 8429 deprecate. Trim it to
  # the aes256-cts/aes128-cts entries (plus camellia if needed), then rekey
  # existing principals and re-export keytabs; editing this line alone does not
  # remove keys that already exist. `klist -k -e` on each host shows which
  # enctypes the keytab entries actually carry.
  14.   supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
  15.  }
  # kadm5.acl: the single entry grants every kadmin privilege (*) to any
  # principal in EXAMPLE.EXAM whose instance is "admin".
  16. [root@Cent-Pro ~]# cat /var/kerberos/krb5kdc/kadm5.acl
  # NOTE(review): with this wildcard, creating a <name>/admin principal is
  # equivalent to granting full control of the realm database. Keep the set of
  # */admin principals small, attach a password policy to them, and for
  # delegated operators prefer a narrower permission string or a
  # target-principal column instead of "*".
  17. */admin@EXAMPLE.EXAM    *
  18.  
  # Client/library configuration on the KDC host.
  19. root@Cent-Pro ~]# cat /etc/krb5.conf
  20. # Configuration snippets may be placed in this directory as well
  # Files under /etc/krb5.conf.d/ are read in addition to this file and are not
  # shown in the paste, so review them together with the settings below.
  21. includedir /etc/krb5.conf.d/
  22.  
  # Log destinations: Kerberos library messages, the KDC, and kadmind each get
  # their own file. krb5kdc.log records ticket requests and failures, and
  # kadmind.log records administrative operations; both are the first place to
  # look when a Kerberized mount is refused.
  23. [logging]
  24.  default = FILE:/var/log/krb5libs.log
  25.  kdc = FILE:/var/log/krb5kdc.log
  26.  admin_server = FILE:/var/log/kadmind.log
  27.  
  # Library-wide defaults used by every Kerberos client on this host.
  28. [libdefaults]
  # Host-to-realm mapping comes from [domain_realm] only, not from DNS TXT
  # records.
  29.  dns_lookup_realm = false
  30.  ticket_lifetime = 24h
  31.  renew_lifetime = 7d
  # Tickets are requested as forwardable by default.
  # NOTE(review): only needed where credentials must be delegated to another
  # host; confirm that is the case here.
  32.  forwardable = true
  # No reverse-DNS canonicalization of service hostnames, so the name used for
  # the mount must match the nfs/<fqdn> principal in the keytab.
  33.  rdns = false
  34.  default_realm = EXAMPLE.EXAM
  # Credential caches are kept in the kernel keyring per UID instead of files.
  35.  default_ccache_name = KEYRING:persistent:%{uid}
  36.  
  # krb5.conf [realms]: where clients find the KDC and kadmind for a realm.
  # NOTE(review): the stanza is keyed EXAMPLE.COM, while default_realm, kdc.conf,
  # kadm5.acl and the keytab principals on this page all use EXAMPLE.EXAM. As
  # written, this file names no kdc/admin_server for EXAMPLE.EXAM, so clients
  # would depend on DNS SRV lookups or a snippet under /etc/krb5.conf.d/ to
  # locate the KDC. Probably a leftover from the stock template; confirm and
  # rename the stanza to EXAMPLE.EXAM.
  37. [realms]
  38.  EXAMPLE.COM = {
  39.   kdc = Cent-Pro.example.exam
  40.   admin_server = Cent-Pro.example.exam
  41.  }
  42.  
  # Maps DNS names to realms: a leading dot matches hosts under the domain, a
  # bare name matches a host with exactly that name.
  43. [domain_realm]
  44.  .example.exam = EXAMPLE.EXAM
  # NOTE(review): this entry maps example.com, but every host on this page is
  # in example.exam; it looks like a partially edited template line and was
  # presumably meant to read "example.exam = EXAMPLE.EXAM". Confirm.
  45.  example.com = EXAMPLE.EXAM
  46.  
  47. -------------------
  48.  
  # NFS server export table: one plain export and one Kerberized export.
  49. [root@CentOS-Server1 ~]# cat /etc/exports
  50. #/nfsshare  CentOS-Client1.example.exam(rw)
  # NOTE(review): no sec= option, so this export uses the default sec=sys, where
  # the server trusts the UID/GID sent by the client. Combined with
  # no_root_squash, root on any host in 10.10.100.0/24 is treated as root on
  # /nfsshare. If the Kerberized share is the goal, remove this line or restrict
  # it (root_squash, a single client, sec=krb5p) so it does not sit beside the
  # protected export as an unauthenticated path into the same server.
  51. /nfsshare   10.10.100.0/24(rw,no_root_squash)
  # sec=krb5p: Kerberos authentication plus integrity checking and encryption of
  # the NFS traffic. Access is limited to CentOS-Client1, and sync makes the
  # server commit writes before replying.
  52. /nfs_k_share    CentOS-Client1.example.exam(rw,sec=krb5p,sync)
  53.  
  54.  
  55. The server and client machines are already authenticated and NFS directives are present -
  56.  
  57. [root@CentOS-Client1 ~]# klist -k
  58. Keytab name: FILE:/etc/krb5.keytab
  59. KVNO Principal
  60. ---- --------------------------------------------------------------------------
  61.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  62.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  63.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  64.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  65.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  66.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  67.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  68.    3 nfs/CentOS-Client1.example.exam@EXAMPLE.EXAM
  69. [root@CentOS-Client1 ~]#
  70.  
  71. [root@CentOS-Server1 ~]# klist -k
  72. Keytab name: FILE:/etc/krb5.keytab
  73. KVNO Principal
  74. ---- --------------------------------------------------------------------------
  75.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  76.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  77.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  78.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  79.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  80.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  81.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM
  82.    3 nfs/CentOS-Server1.example.exam@EXAMPLE.EXAM