You can always change SecType to only allow krb5 authentication. Then
no one can connect without a kerberos ticket.
I have the following config at the moment (the SecType in EXPORT is probably redundant,
but is there just to make sure it was being used):
EXPORT {
    Export_ID = 100;
    Protocols = 4;
    Transports = TCP;
    Path = /;
    Pseudo = /nfs;
    Access_Type = None;
    SecType = krb5;
    Squash = root;
    CLIENT {
        Clients = *;
        Access_Type = RW;
        SecType = krb5;
    }
}
It doesn't appear that kerberos is used at all in order for root to mount the export.
It just means that kerberos/idmap is used to identify the user (with root being squashed
to nobody). Unless I'm missing something?
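
An added example, not part of the original message and not NFS-Ganesha code: a small auditor that reads an export config like the one above and lists every EXPORT or CLIENT scope whose effective SecType admits a non-Kerberos flavor. It assumes a simplified grammar (nested blocks with `key = value;` options), ignores EXPORT_DEFAULTS, and assumes the documented default of `none, sys` when SecType is unset.

```python
import re

KRB5 = {"krb5", "krb5i", "krb5p"}
DEFAULT_SECTYPE = {"none", "sys"}  # assumed default when SecType is unset
TOKEN = re.compile(r"(\w+)\s*\{|(\w+)\s*=\s*([^;]*);|(\})")

def parse(text):
    """Parse a simplified subset of the config grammar into nested blocks."""
    root = {"name": "ROOT", "opts": {}, "children": []}
    stack = [root]
    for block, key, value, close in TOKEN.findall(re.sub(r"#.*", "", text)):
        if block:
            node = {"name": block.upper(), "opts": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif key:
            stack[-1]["opts"][key.lower()] = value.strip()
        elif close and len(stack) > 1:
            stack.pop()
    return root

def sectypes(node, inherited):
    """Flavors set on this block, or the inherited set if SecType is absent."""
    raw = node["opts"].get("sectype")
    return {s.strip().lower() for s in raw.split(",")} if raw else inherited

def audit(text):
    """Return (export_id, scope, non-krb5 flavors) for each scope allowing them."""
    findings = []
    for exp in parse(text)["children"]:
        if exp["name"] != "EXPORT":
            continue
        exp_sec = sectypes(exp, DEFAULT_SECTYPE)
        scopes = [("EXPORT", exp_sec)]
        for c in exp["children"]:
            if c["name"] == "CLIENT":
                scopes.append(("CLIENT " + c["opts"].get("clients", "?"),
                               sectypes(c, exp_sec)))
        for scope, sec in scopes:
            weak = sorted(sec - KRB5)
            if weak:
                findings.append((exp["opts"].get("export_id", "?"), scope, weak))
    return findings

# The export from the message above, condensed to the relevant options.
POSTED = ("EXPORT { Export_ID=100; Path = /; Pseudo = /nfs; SecType = krb5; "
          "CLIENT { Clients = *; SecType = krb5; } }")
# Constructed counter-example: SecType unset on the export, sys allowed for clients.
WEAK = "EXPORT { Export_ID=7; Path = /srv; CLIENT { Clients = *; SecType = krb5, sys; } }"
```

This checks the configuration text only; which flavor a given mount actually negotiated has to be confirmed separately, for example from the `sec=` option shown for the mount on the client.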