next up previous contents
Next: NFSv4+kerberos 除錯 Up: Network File System, NFS Previous: NFS Client 端掛載設定   Contents

NFS Client 端權限測試

  1. 先查看下載的 keytab 有沒有 deyu3 principal,考試時一定會有,否則用戶 deyu3 無法取得權限寫入 NFS 安全掛載目錄。
    [root@kvm7 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/14/2015 11:54:09 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5) 
       3 12/14/2015 19:30:37 deyu3@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       3 12/14/2015 19:30:37 deyu3@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (des3-cbc-sha1) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (arcfour-hmac) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (camellia256-cts-cmac) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (camellia128-cts-cmac) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (des-hmac-sha1) 
       3 12/14/2015 19:30:38 deyu3@DEYU.WANG (des-cbc-md5)
    
  2. 切換成用戶 deyu3。
    [root@kvm7 ~]# su - deyu3
    Last login: Mon Dec 14 21:33:42 CST 2015 on pts/0
    
  3. 查看掛載情形,因為 deyu3 還沒取得 Kerberos tickets,所以無法看到掛載的 /mnt/nfssecure,當然也無法對其存取。
    [deyu3@kvm7 ~]$ df
    df: ‘/mnt/nfssecure’: Permission denied
    Filesystem                  1K-blocks    Used Available Use% Mounted on
    /dev/mapper/vg_kvm7usb-root   3159816 1122804   1856788  38% /
    devtmpfs                       498588       0    498588   0% /dev
    tmpfs                          508600       0    508600   0% /dev/shm
    tmpfs                          508600    6736    501864   2% /run
    tmpfs                          508600       0    508600   0% /sys/fs/cgroup
    /dev/mapper/vg_kvm7home-vo      75231    1569     67928   3% /home
    /dev/vda1                      201388  109264     92124  55% /boot
    //kvm5.deyu.wang/data         3159816 1131144   1848448  38% /mnt/multi
    kvm5.deyu.wang:/public        3159936 1131264   1848448  38% /mnt/nfsmount
    
  4. 執行 kinit 以下載的 /etc/krb5.keytab 取得 Kerberos tickets。
    [deyu3@kvm7 ~]$ kinit -k deyu3@DEYU.WANG
    
  5. 執行 klist 列出 deyu3 principal 的 Kerberos tickets。
    [deyu3@kvm7 ~]$ klist 
    Ticket cache: KEYRING:persistent:1000:krb_ccache_J1ic1Mg
    Default principal: deyu3@DEYU.WANG
    
    Valid starting       Expires              Service principal
    12/14/2015 19:31:25  12/15/2015 19:31:25  krbtgt/DEYU.WANG@DEYU.WANG
    
  6. 再查看掛載情形,可以看到掛載點 /mnt/nfssecure。
    [deyu3@kvm7 ~]$ df
    Filesystem                  1K-blocks    Used Available Use% Mounted on
    /dev/mapper/vg_kvm7usb-root   3159816 1122804   1856788  38% /
    devtmpfs                       498588       0    498588   0% /dev
    tmpfs                          508600       0    508600   0% /dev/shm
    tmpfs                          508600    6736    501864   2% /run
    tmpfs                          508600       0    508600   0% /sys/fs/cgroup
    /dev/mapper/vg_kvm7home-vo      75231    1569     67928   3% /home
    /dev/vda1                      201388  109264     92124  55% /boot
    //kvm5.deyu.wang/data         3159816 1131144   1848448  38% /mnt/multi
    kvm5.deyu.wang:/public        3159936 1131264   1848448  38% /mnt/nfsmount
    kvm5.deyu.wang:/protected     3159936 1131264   1848448  38% /mnt/nfssecure
    
  7. 用戶 deyu3 成功寫入資料。
    [deyu3@kvm7 ~]$ echo 'deyu3' > /mnt/nfssecure/restricted/deyu3.txt
    [deyu3@kvm7 ~]$ cat /mnt/nfssecure/restricted/deyu3.txt
    deyu3
    



2017-11-30