slogin-serv move to NFS sec=krb5

Any users of the “slogin-serv” service should be aware that changes are to be made which may require them to run “kinit” to access their home directory.

Lab Linux machines are moving from using NFS with sec=sys (which trusts the client OS user information to auth users) to sec=krb5 (which requires the user to have a kerberos ticket to indicate what access they should have) to improve the security of user files on the central NFS server. Users of new or upgraded Linux systems will be used to sec=krb5, but it’s a bit different on servers. Some hints and tips are available on the NFS sec=krb5 web page.

We will be moving the main “slogin-serv” service over starting the week beginning 2011/02/07. Initially the name ‘slogin-serv’ will point at the existing sec=krb5 instance. Users may need to type “kinit” (or equivalent) to get access to the filer. Users experiencing problems should login to ‘slogin-old’ (or ‘slogin-serv9′ or ‘ramsey’) and then email sys-admin explaining the problem. When we are confident that things are basically working, one of the old servers (‘ramsey’) will move over to sec=krb5. When we are happy that everything is working, the temporary name ‘slogin-old’ will be removed, and ‘slogin-serv9′ will be retired.

Users are encouraged to try the new service in advance by connecting to ssh-remote-0, and send any feedback to sys-admin

This entry was posted in Local IT systems and tagged , , , , , . Bookmark the permalink.

Leave a Reply