Hello. I have nfs share and I was wondering if I can secure it with kerberos protocol? I have found this topic Secured nfs share - Installing and Using OpenWrt - OpenWrt Forum but it states that kerberos protocol is disabled in nfs server Makefile. I could try to enable it via Maklefile, but may be something change and now I can just check some boxes in make menuconfig?
I understand that Kerberos security is not for “Router OS” but I have x86 hardware, so hardware resources is not a problem.
Yes, you can.
Install Docker or Podman and make a container with a Linux distro that does support Kerberos. Pass the folder as a volume.
Important: inside that container, you cannot use the kernel NFS server. Use NFS-Ganesha instead.
Thank you. I am not sure I want to use docker, I just want Kerberos authentication service run directly on my hardware for nfs encryption. I guess first I will try to build nfs server with kerberos support via Makefile.
Sorry for a stupid question, but where are you going to run the KDC?
On my x86 device
Well, OpenWrt does not contain a KDC, so I guess you mean a different x86 device. In this case, I suggest also running the NFS server there, using a Linux distribution other than OpenWrt.
EDIT: it does! So you are welcome to try it and add support to the NFS utils and the kernel.
@alive-one If you manage to get Kerberos to work with NFS server in OpenWrt pleas let me know by updating this issue. I am curious still. On the other hand I updated my old topic you have referenced. depending on your use case you may get away without Kerberos by using the working NFS mechanisms like limiting IP addresses?
Sure. If I can achieve something I update this topic!