next up previous contents
Next: 除錯四-解題 Up: NFSv4+kerberos 除錯 Previous: 除錯二   Contents

除錯三

  1. 掛載拒絕存取,keytab 自行產生。
    [root@kvm7 ~]# mount.nfs4 -o sec=krb5p,v4.2 kvm5.deyu.wang:/protected /mnt/nfssecure
    mount.nfs4: access denied by server while mounting kvm5.deyu.wang:/protected
    
  2. nfs server kvm5 查到 /etc/krb5.keytab 中不同時間產生的 keytab 都存在,應該只存在最新的一組。
    [root@kvm5 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:27:49 nfs/kvm5.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:27:50 nfs/kvm5.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:32:14 nfs/kvm5.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:40:13 nfs/kvm5.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 20:08:50 nfs/kvm5.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 20:08:50 nfs/kvm5.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 20:08:50 nfs/kvm5.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 20:08:50 nfs/kvm5.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 20:08:50 nfs/kvm5.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 20:08:51 nfs/kvm5.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 20:08:51 nfs/kvm5.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 20:08:51 nfs/kvm5.deyu.wang@DEYU.WANG (des-cbc-md5)
    
  3. nfs server kvm5 刪除 /etc/krb5.keytab 中 principal nfs/kvm5.deyu.wang@DEYU.WANG 的 keytab。
    [root@kvm5 ~]# kadmin.local -q 'ktremove -k /etc/krb5.keytab nfs/kvm5.deyu.wang@DEYU.WANG'
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
    
  4. nfs server kvm5 刪除 /etc/kvm7.keytab 中 principal nfs/kvm7.deyu.wang@DEYU.WANG 的 keytab。
    [root@kvm5 ~]# kadmin.local -q 'ktremove -k /etc/kvm7.keytab nfs/kvm7.deyu.wang@DEYU.WANG'
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 2 removed from keytab WRFILE:/etc/kvm7.keytab.
    
  5. nfs server kvm5 重新產生 principal nfs/kvm5.deyu.wang@DEYU.WANG。
    [root@kvm5 ~]# kadmin.local -q "addprinc -pw 123qwe nfs/kvm5.deyu.wang"
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    WARNING: no policy specified for nfs/kvm5.deyu.wang@DEYU.WANG; defaulting to no policy
    add_principal: Principal or policy already exists while creating "nfs/kvm5.deyu.wang@DEYU.WANG".
    
  6. nfs server kvm5 重新產生 principal nfs/kvm7.deyu.wang@DEYU.WANG。
    [root@kvm5 ~]# kadmin.local -q "addprinc -pw 123qwe nfs/kvm7.deyu.wang"
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    WARNING: no policy specified for nfs/kvm7.deyu.wang@DEYU.WANG; defaulting to no policy
    add_principal: Principal or policy already exists while creating "nfs/kvm7.deyu.wang@DEYU.WANG".
    
  7. nfs server kvm5 重新產生 principal nfs/kvm7.deyu.wang@DEYU.WANG 的 keytab 存成 /etc/kvm7.keytab。
    [root@kvm5 ~]# kadmin.local -q 'ktadd -k /etc/kvm7.keytab nfs/kvm7.deyu.wang@DEYU.WANG'
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des3-cbc-sha1 added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     arcfour-hmac added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     camellia256-cts-cmac added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     camellia128-cts-cmac added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des-hmac-sha1 added to keytab WRFILE:/etc/kvm7.keytab.
    Entry for principal nfs/kvm7.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des-cbc-md5 added to keytab WRFILE:/etc/kvm7.keytab.
    
  8. nfs server kvm5 重新產生 principal nfs/kvm5.deyu.wang@DEYU.WANG 的 keytab 存成 /etc/kvm5.keytab。
    [root@kvm5 ~]# kadmin.local -q 'ktadd -k /etc/kvm5.keytab nfs/kvm5.deyu.wang@DEYU.WANG'
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des3-cbc-sha1 added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     arcfour-hmac added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     camellia256-cts-cmac added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     camellia128-cts-cmac added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des-hmac-sha1 added to keytab WRFILE:/etc/kvm5.keytab.
    Entry for principal nfs/kvm5.deyu.wang@DEYU.WANG with kvno 3, encryption type
     des-cbc-md5 added to keytab WRFILE:/etc/kvm5.keytab.
    
  9. nfs server kvm5 將 /etc/kvm5.keytab 複製成 kerberos keytab 預設名稱 /etc/krb5.keytab。
    [root@kvm5 ~]# cp /etc/kvm5.keytab /etc/krb5.keytab 
    cp: overwrite ‘/etc/krb5.keytab’? y
    
  10. nfs client kvm7 查到目前的 /etc/krb5.keytab 中一樣有不同時間產生的 keytab,應該只存在最新的一組。
    [root@kvm7 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:27:50 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:32:15 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 19:40:14 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5)
    
  11. nfs client kvm7 從 nfs server kvm5 複製 principal nfs/kvm7.deyu.wang@DEYU.WANG 的 keytab kvm7.keytab 存成 /etc/krb5.keytab。
    [root@kvm7 ~]# scp kvm5.deyu.wang:/etc/kvm7.keytab /etc/krb5.keytab
    root@kvm5.deyu.wang's password: 
    kvm7.keytab                                   100% 2242     2.2KB/s   00:00    
    
  12. nfs client kvm7 列出 keytab /etc/krb5.keytab 中 principal nfs/kvm7.deyu.wang@DEYU.WANG 只有一組。
    [root@kvm7 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       3 12/04/2015 20:16:57 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96) 
       3 12/04/2015 20:16:57 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1) 
       3 12/04/2015 20:16:58 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5)
    
  13. nfs client kvm7 再安全掛載成功。
    [root@kvm7 ~]# mount.nfs4 -o sec=krb5p,v4.2 kvm5.deyu.wang:/protected /mnt/nfssecure/ -vvv
    mount.nfs4: timeout set for Fri Dec  4 14:16:29 2015
    mount.nfs4: trying text-based options 'sec=krb5p,v4.2,addr=192.168.122.5,clientaddr=192.168.122.7'
    



2017-11-30