I am very new to Kerberos and NFS. Kindly help me know if this is feasible. The NFS server is TrueNAS SCALE and the client is an Ubuntu 22.04 desktop.
NFS v4 is enabled on the TrueNAS server, which exports /export/home with no_root_squash and sec=krb5.
The requirement is to mount /export/home to /mnt/home on the Ubuntu client through fstab. The permissions are as per the filesystem permission settings. Without sec=krb5 this is working. But no_root_squash has all its security implications. I would like to minimise it by making sure that only those hosts with Kerberos keytabs are able to mount from the TrueNAS server.
I do not want user-level Kerberos principal based auth, rather only host based. This is assuming that the users within the host are trustable.
The Kerberos server is on another VM.
I tried creating host principals for TrueNAS and the client on the Kerberos server VM. The respective keytabs were copied with scp to TrueNAS and the Ubuntu client respectively; rkt/wkt was used to update the keytabs into /etc/krb5.keytabs on the Ubuntu client, and the GUI was used in the case of TrueNAS.
But the nfs.mount says operation not permitted!!!
Any guidance on how to do this on a TrueNAS SCALE server and Ubuntu client is appreciated.
Guidance on how to debug this would also be very helpful.
-regards
tachy