Commands summary
Here are three commands to facilitate and control the setup of a Linux kerberized NFS environment.
- krbkdcsv: set up a Kerberos KDC and a Kerberos administration Server
First, krbkdcsv has to be run on the machine chosen to be the Kerberos KDC and Kerberos administration Server.
Next, krbnfssv is run on the machine chosen to be the Kerberos NFS Server.
Then, krbnfscl is run on the machine chosen to be the Kerberos NFS Client.
Now the kerberized NFS mount can be done.
Parameters are requested interactively when not given on the command line.
Where to find the commands
krbkdcsv
krbnfssv
krbnfscl
krbkdcsv command
Purpose:
This shell command takes care of setting up a Kerberos KDC and a Kerberos administration Server.
Written to be run by root on the machine to be the Kerberos NFS Server and the KDC Server.
Usage:
krbkdcsv {start | status }
start: First KRB KDC server initialisation
status: Check if the KRB KDC Server is still OK
krbkdcsv start { -h | {-a kerberos administrator principal} {-b kerberos server} {-c krb5.conf file directory} {-C kdc.conf file directory} {-d domain } {-k kdc server} {-r realm} {-v}}
krbkdcsv status { -h | {-a kerberos administrator principal} {-v}}
Description:
The krbkdcsv command configures the KDC and Kerberos server.
This command creates the krb5.conf file, the kdc.conf file, the Kerberos database and the kadm5.acl file. Those files can be edited to modify the parameters set by this initial configuration.
The command performs some checks:
start:
- checks the Kerberos Server package
- checks the REALM is UPPER CASE
- checks the Kerberos daemons are running (krb5kdc, kadmind)
- checks the KDC and administration server is operational
status:
- checks the Kerberos daemons are running (krb5kdc, kadmind)
- checks the KDC and administration server is operational
Flags:
-a : kerberos administrator principal
-b : kerberos server name
-c : directory where the krb5.conf file is located
-C : directory where the kdc.conf file is located
-d : domain name for the Kerberos realm
-h : help to display the command syntax
-k : KDC server name
-r : realm for which the Kerberos server is to be configured
-v : verbose mode
krbnfssv Command
Purpose:
This shell command takes care of setting up a Kerberos NFS Server.
Written to be run by root on the machine to be the Kerberos NFS Server.
Usage:
krbnfssv {start | status }
start: First Kerberized NFS Server initialisation
status: Check the kerberized NFS Server configuration is still OK
krbnfssv start { -h | {-b kerberos server} {-c krb5.conf file directory} {-d domain } {-k kdc server} {-r realm} {-v}}
krbnfssv status { -h | {-b kerberos server} {-k kdc server} {-v}}
Description:
The krbnfssv command configures a kerberized NFS Server.
The command performs some checks:
start:
- checks the Kerberos Client package
- checks the REALM is UPPER CASE
- checks the time is synchronised (<300s) with the KDC Server machine time
- checks the hostname is a fully qualified name
- checks the /etc/hosts file lists the fully-qualified domain name as the first entry on the line with the machine's IP address
- checks the name server in /etc/resolv.conf is the same as in /etc/resolv.conf of the KDC Server
- checks the /etc/services file lists the nfs service (port 2049)
- checks the KDC and Kerberos Server are reachable
- checks the Kerberos daemons are running (krb5kdc, kadmind) on the Kerberos Server
- checks the nfs server daemons are running
status:
- checks the KDC and Kerberos Server are reachable
- checks the Kerberos daemons are running (krb5kdc, kadmind) on the Kerberos Server
- checks the time is synchronised (<300s) with the KDC Server machine time
- checks the hostname is a fully qualified domain name
- checks the /etc/hosts file lists the fully-qualified domain name as the first entry on the line with the machine's IP address
- checks the name server in /etc/resolv.conf is the same as in /etc/resolv.conf of the KDC Server
- checks the nfs server daemons are running
- checks the /etc/services file lists the nfs service (port 2049)
Flags:
-b : kerberos server name
-c : directory where the krb5.conf file is located
-d : domain name for the Kerberos realm
-h : help to display the command syntax
-k : KDC server name
-r : realm for which the Kerberos server is to be configured
-v : verbose mode
  - display more messages
  - start rpc.svcgssd with verbose mode (rpc.svcgssd -vvv)
krbnfscl Command
Purpose:
This shell command takes care of setting up a Kerberos NFS Client.
Written to be run by root on the machine to be the Kerberos NFS Client.
Usage:
krbnfscl {start | status }
start: First Kerberized NFS Server initialisation
status: Check the kerberized NFS client configuration is still OK
krbnfscl start { -h | {-b kerberos server} {-c krb5.conf file directory} {-d domain } {-k kdc server} {-r realm} {-s nfs server} { -u user } {-v}}
krbnfscl status { -h | {-b kerberos server} {-k kdc server} {-r realm} {-s nfs server} {-v}}
Description:
The krbnfscl command configures a kerberized NFS Client.
The command performs some checks:
start:
- checks the Kerberos Client package
- checks the REALM is UPPER CASE
- checks the time is synchronised (<300s) with the KDC Server machine time
- checks the hostname is a fully qualified domain name
- checks the /etc/hosts file lists the fully-qualified domain name as the first entry on the line with the machine's IP address
- checks the name server in /etc/resolv.conf is the same as in /etc/resolv.conf of the KDC Server
- checks the /etc/services file lists the nfs service (port 2049)
- checks the KDC, Kerberos Server and NFS Server are reachable
- checks the Kerberos daemons are running (krb5kdc, kadmind) on the Kerberos Server
- checks the nfs server daemons are running on the NFS Server
status:
- checks the REALM is UPPER CASE
- checks the time is synchronised (<300s) with the KDC Server machine time
- checks the hostname is a fully qualified domain name
- checks the /etc/hosts file lists the fully-qualified domain name as the first entry on the line with the machine's IP address
- checks the name server in /etc/resolv.conf is the same as in /etc/resolv.conf of the KDC Server
- checks the /etc/services file lists the nfs service (port 2049)
- checks the KDC, Kerberos Server and NFS Server are reachable
- checks the Kerberos daemons are running (krb5kdc, kadmind) on the Kerberos Server
- checks the nfs server daemons are running on the NFS Server
- checks rpc.gssd and rpc.svcgssd are running
Flags:
-b : kerberos server name
-c : directory where the krb5.conf file is located
-d : domain name for the Kerberos realm
-h : help to display the command syntax
-k : KDC server name
-r : realm for which the Kerberos server is to be configured
-s : nfs server name
-u : user name
-v : verbose mode
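The local checks listed above for krbnfssv and krbnfscl (upper-case realm, fully qualified hostname, /etc/hosts ordering, nfs entry in /etc/services, clock skew under 300 s) can be sketched as follows. This is an added example, not the code of the krbnfssv or krbnfscl scripts; the function names, the sample files and the way the KDC time is passed in as an argument are assumptions.

```shell
#!/bin/sh
# Added example: local pre-flight checks of the kind listed for krbnfssv/krbnfscl.
# Function names and all sample data are assumptions (constructed), not the scripts' code.

check_realm_upper() {            # realm must be non-empty with no lower-case letters
    case "$1" in ""|*[[:lower:]]*) return 1 ;; esac
}

check_fqdn() {                   # at least two non-empty, dot-separated labels
    case "$1" in .*|*.|*..*) return 1 ;; *.*) return 0 ;; *) return 1 ;; esac
}

check_hosts_fqdn_first() {       # $1 hosts file, $2 IP, $3 FQDN: FQDN must be the first name
    awk -v ip="$2" -v fqdn="$3" '
        $1 == ip { found = 1; if ($2 != fqdn) bad = 1 }
        END { exit !(found && !bad) }' "$1"
}

check_services_nfs() {           # $1 services file; expects an "nfs 2049/<proto>" entry
    awk '$1 == "nfs" && $2 ~ /^2049\// { ok = 1 } END { exit !ok }' "$1"
}

check_clock_skew() {             # $1 local epoch, $2 KDC epoch; skew must be < 300 s
    skew=$(( $1 - $2 ))
    [ "$skew" -lt 0 ] && skew=$(( 0 - skew ))
    [ "$skew" -lt 300 ]
}

# Run every check, print one line per failure, return non-zero if any failed.
preflight() {                    # realm fqdn ip hosts_file services_file now kdc_now
    rc=0
    check_realm_upper "$1" || { echo "FAIL: realm $1 is not upper case"; rc=1; }
    check_fqdn "$2" || { echo "FAIL: $2 is not fully qualified"; rc=1; }
    check_hosts_fqdn_first "$4" "$3" "$2" || { echo "FAIL: $2 is not the first name for $3"; rc=1; }
    check_services_nfs "$5" || { echo "FAIL: nfs 2049 missing in $5"; rc=1; }
    check_clock_skew "$6" "$7" || { echo "FAIL: clock skew >= 300 s"; rc=1; }
    return $rc
}

# Constructed sample data (documentation address range and example.com names).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '127.0.0.1 localhost\n192.0.2.10 nfs1.example.com nfs1\n' > "$demo/hosts"
printf '192.0.2.10 nfs1 nfs1.example.com\n' > "$demo/hosts.bad"
printf 'ssh 22/tcp\nnfs 2049/tcp\nnfs 2049/udp\n' > "$demo/services"

preflight EXAMPLE.COM nfs1.example.com 192.0.2.10 "$demo/hosts" "$demo/services" \
    1700000000 1700000120 && echo "all checks passed"
```

On a real host the file arguments would be /etc/hosts and /etc/services, and the two epoch values would come from the local clock and from the KDC Server machine.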
Evolution
If something is incomplete or wrong, or if you have improvements to suggest, feel free to contact us so that these commands can be modified.