NFS security and Kerberos

File Services Administration Guide for Hitachi NAS Platform

Version
14.7.x
14.6.x
Audience
anonymous
Part Number
MK-92HNAS006-29

The NAS server supports Kerberos to provide authentication, integrity, and privacy when using NFS v2, v3, and v4. Kerberos provides a mechanism for entities (principals) to authenticate to each other and securely exchange session keys. The NAS server supports RPCSEC_GSS using Kerberos v5.

The Kerberos implementation has been updated with the Advanced Encryption Standard (AES). The Data Encryption Standard (DES) has been deprecated and is insufficiently secure.

Secure NFS requires configuration of the NFS server's Kerberos principal name, and secret keys. Kerberos related configuration settings are setup both globally and on a per-EVS basis. The NFS host name is configured on a per-EVS basis.