Release notes
ONTAP support for Kerberos
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
Kerberos provides strong secure authentication for client/server applications. Authentication provides verification of user and process identities to a server. In the ONTAP environment, Kerberos provides authentication between storage virtual machines (SVMs) and NFS clients.
In ONTAP 9, the following Kerberos functionality is supported:
-
Kerberos 5 authentication with integrity checking (krb5i)
Krb5i uses checksums to verify the integrity of each NFS message transferred between client and server. This is useful both for security reasons (for example, to ensure that data has not been tampered with) and for data integrity reasons (for example, to prevent data corruption when using NFS over unreliable networks).
-
Kerberos 5 authentication with privacy checking (krb5p)
Krb5p uses checksums to encrypt all the traffic between client and the server. This is more secure and also incurs more load.
-
128-bit and 256-bit AES encryption
Advanced Encryption Standard (AES) is an encryption algorithm for securing electronic data. ONTAP supports AES with 128-bit keys (AES-128) and AES with 256-bit keys (AES-256) encryption for Kerberos for stronger security.
-
SVM-level Kerberos realm configurations
SVM administrators can now create Kerberos realm configurations at the SVM level. This means that SVM administrators no longer have to rely on the cluster administrator for Kerberos realm configuration and can create individual Kerberos realm configurations in a multi-tenancy environment.