Kerberos

NFS authentication: Microsoft guide

• Krb5: Uses the Kerberos version 5 protocol to authenticate users before granting them access to the file share.
• Krb5i: Uses the Kerberos version 5 protocol to authenticate with integrity checking (checksums), which verifies that the data hasn’t been altered.
• Krb5p: Uses the Kerberos version 5 protocol, which authenticates NFS traffic with encryption for privacy. This option is the most secure Kerberos option.

Config

Different flavours¹

• Krb5: Uses the Kerberos version 5 protocol to authenticate users before granting them access to the file share.
• Krb5i: Uses the Kerberos version 5 protocol to authenticate with integrity checking (checksums), which verifies that the data hasn’t been altered.
• Krb5p: Uses the Kerberos version 5 protocol, which authenticates NFS traffic with encryption for privacy. This option is the most secure Kerberos option.

Network Filesystems

Common Internet File System (CIFS)

Auto-mount: cifs.com

man page mount.cifs: use option cruid to specify which user’s credentials to use for NFS (CIFS) authentication, e.g. sec=krb5,cruid=${UID}

References

• MIT Kerberos defaults @Documentation
• https://wiki.archlinux.org/title/Kerberos
• Jacob’s notes on Kerberos
• LiL course LDAP+Kerberos
• https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs

---

1. https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs ↩