使用 http://classroom.example.com/pub/keytabs/server0.keytab 下载密钥表(keytab)文件。注意:keytab 中保存的是主机和服务主体的长期密钥,通过明文 HTTP 下载只适用于实验环境;生产环境应通过加密通道分发。
[root@server0 ~]# yum install authconfig-gtk sssd krb5-workstation -y 安装所需软件包
[root@server0 ~]# authconfig-gtk 配置LDAP
[root@server0 ~]# id ldapuser1 验证ldap配置结果
uid=1701(ldapuser1) gid=1701(ldapuser1) groups=1701(ldapuser1)
[root@server0 ~]# yum install nfs-utils -y 安装 NFS 软件包
[root@server0 ~]# mkdir /public # 创建目录 /public
[root@server0 ~]# mkdir /protected # 创建目录 /protected
[root@server0 ~]# mkdir /protected/restricted # 创建目录 /protected/restricted
[root@server0 ~]# chown ldapuser1 /protected/restricted 目录/protected/restricted归属用户ldapuser1
[root@server0 ~]# cd /etc
[root@server0 etc]# wget http://classroom.example.com/pub/keytabs/server0.keytab 下载 Kerberos 密钥表(keytab)文件
[root@server0 etc]# mv server0.keytab krb5.keytab 将 keytab 重命名为系统默认的 /etc/krb5.keytab
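以上三条命令(cd、wget、mv)等价于:wget http://classroom.example.com/pub/keytabs/server0.keytab -O /etc/krb5.keytab
下载后应确认 /etc/krb5.keytab 的属主为 root、权限为 0600(chown root:root /etc/krb5.keytab; chmod 600 /etc/krb5.keytab),避免其他本地用户读取其中的密钥。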
[root@server0 ~]# vim /etc/exports 配置目录相关权限
/public 172.25.0.0/24(ro,sync) 域example.com(172.25.0.0/24)对目录/public有只读权限
/protected 172.25.0.0/24(rw,sync,sec=krb5p) 网段172.25.0.0/24对目录/protected有读写权限,且必须通过Kerberos认证访问;sec=krb5p 表示同时对传输数据做完整性校验和加密
[root@server0 ~]# systemctl enable nfs-secure-server.service 开机自启nfs-secure-server安全服务
ln -s '/usr/lib/systemd/system/nfs-secure-server.service' '/etc/systemd/system/nfs.target.wants/nfs-secure-server.service'
[root@server0 ~]# systemctl restart nfs-secure-server.service 启动nfs-secure-server安全服务
[root@server0 ~]# systemctl enable nfs-server.service 开机自启nfs-server服务器服务
ln -s '/usr/lib/systemd/system/nfs-server.service' '/etc/systemd/system/nfs.target.wants/nfs-server.service'
[root@server0 ~]# systemctl restart nfs-server.service 启动nfs-server服务器服务
[root@server0 ~]# ktutil 验证配置,密码kerberos
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 host/server0.example.com@EXAMPLE.COM
2 2 host/server0.example.com@EXAMPLE.COM
3 2 host/server0.example.com@EXAMPLE.COM
4 2 host/server0.example.com@EXAMPLE.COM
5 2 host/server0.example.com@EXAMPLE.COM
6 2 host/server0.example.com@EXAMPLE.COM
7 2 host/server0.example.com@EXAMPLE.COM
8 2 host/server0.example.com@EXAMPLE.COM
9 2 nfs/server0.example.com@EXAMPLE.COM
10 2 nfs/server0.example.com@EXAMPLE.COM
11 2 nfs/server0.example.com@EXAMPLE.COM
12 2 nfs/server0.example.com@EXAMPLE.COM
13 2 nfs/server0.example.com@EXAMPLE.COM
14 2 nfs/server0.example.com@EXAMPLE.COM
15 2 nfs/server0.example.com@EXAMPLE.COM
16 2 nfs/server0.example.com@EXAMPLE.COM
ktutil: