From Fedora Project Wiki
Description
This test case is to validates a secure NFSv4 root setup by running the connectathon test suite.
How to test
- You can run both NFS server and client on the same system or use different systems. Configure the server to sync time using NTP to sync the clock for later kerberos communications.
- service ntp restart
- If you have not already done so, install
krb5-libs- yum -y install krb5-libs
- Next, configure the NFS server to find the KDC server.
- cp /etc/krb5.conf /etc/krb5.conf.orig
- cat <<EOF >/etc/krb5.conf
- [libdefaults]
- default_realm = GREP.BE
- kdc_timesync = 1
- forwardable = true
- proxiable = true
- [realms]
- GREP.BE = {
- kdc = kdc.grep.be
- kdc = kdc-1.grep.be
- admin_server = kdc.grep.be
- }
- [login]
- krb4_convert = false
- krb4_get_tickets = false
- EOF
- Now, use
kadminto create the server principal.- kadmin
- Next, create an NFS export and restart NFS
- cp /etc/exports /etc/exports.orig
- echo '/nfs gss/krb5i(sync,subtree_check,rw)' > /etc/exports
- mkdir /nfs
- service nfs restart
- Download the connectathon testsuite
- git clone git://fedorapeople.org/~steved/cthon04
- Run the connectathon testsuite from the client.
- cd cthon04
- make
- ./runcthon --server <server IP> --serverdir /nfs
Expected Results
- Step #1 completes without error.
- The testsuite finishes without error; no nfs*.error files in /tmp.