Date: Mon, 4 Aug 2003 16:26:41 -0700
From: Michael Collette <metrol@metrol.net>
To: FreeBSD Security <FreeBSD-Security@FreeBSD.org>
Subject: Re: Kerberos to file server
Message-ID: <200308041626.41760.metrol@metrol.net>
In-Reply-To: <200307301553.40385.metrol@metrol.net>
References: <200307301553.40385.metrol@metrol.net>
On Wednesday 30 July 2003 03:53 pm, Michael Collette wrote:
> I've got this AS/400 with gobs of unused file storage on it that I want to
> share across as a file server to a FreeBSD box. The AS/400 side of things
> supports NFS and kinda pretends to be a Unix like machine in this role.

Since I've received a number of off list replies to this I thought I'd post some additional information about what all I've dug up. Still not working yet, but getting a little smarter about this.

Sorry if folks think this is off-topic, but as this involves both authentication and authorization to a foreign system I still believe this is applicable.

As was pointed out to me on and off list, I can connect to the shared NFS files on the AS/400 without Kerberos. The next obvious problem (obvious to me now) is the issue of file ownership. Just getting a connection across doesn't provide any user id mapping by itself.

This is where IBM's EIM (Enterprise Identity Manager) kicks in. It provides for a user name translation table so a user on one system is a user on all. In order to make use of EIM a Kerberos based authentication needs to take place. Apparently once this happens, FreeBSD users become AS/400 users insofar as file ownership goes.

For those who may be interested:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzalv/rzalvmst.htm

That's all of what I've managed to dig up thus far. Here's where I'm lost. The FreeBSD Handbook has a Kerberos tutorial, but it's apparently out of date or something just ain't right.
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kerberos.html

First thing it asks me to do is initialize the Kerberos database with the "kdb_init" command. I don't have a kdb_init command on this system. I then just installed the krb5 port, and it doesn't have that command either. Double checked the package list. It looks like a number of things don't match up to the tutorial.

Is there some new procedure out there to configure a Kerberos enabled machine, or am I just missing some key component in a perfectly fine tutorial?

Thanks,
--
"In theory, there is no difference between theory and practice.
In practice, there is."
- Yogi Berra