Verifying permissions for Kerberos configuration

Kerberos requires that certain UNIX permissions be set for the SVM root volume and for local users and groups.

Procedure

  1. Display the relevant permissions on the SVM root volume: volume show -volume root_vol_name-fields user,group,unix-permissions

    The root volume of the SVM must have the following configuration:

    Name... Setting...
    UID root or ID 0
    GID root or ID 0
    UNIX permissions 755

    If these values are not shown, use the volume modify command to update them.

  2. Display the local UNIX users: vserver services name-service unix-user show -vserver vserver_name

    The SVM must have the following UNIX users configured:

    User name User ID Primary group ID Comment
    nfs 500 0 Required for GSS INIT phase.

    The first component of the NFS client user SPN is used as the user.

    The nfs user is not required if a Kerberos-UNIX name mapping exists for the SPN of the NFS client user.

    root 0 0 Required for mounting.

    If these values are not shown, you can use the vserver services name-service unix-user modify command to update them.

  3. Display the local UNIX groups: vserver services name-service unix-group show -vserver vserver_name

    The SVM must have the following UNIX groups configured:

    Group name Group ID
    daemon 1
    root 0

    If these values are not shown, you can use the vserver services name-service unix-group modify command to update them.