Hi
I am looking to improve my setup and i found that when using nfs apparently combining it with kerberos is the way to go. but then i came across this post over here here which states that the nfs package coming with openwrt is not capable of doing kerberos magic.
was that changed over time and has anyone accomplished this setup?
why am i even asking:
since i am sharing some files with different people i like to have some kind of user specific authentication and not be restricted to network configuration. also i am intending to reuse kerberos for other services.
any advice (including alternative suggestions) would be helpful.
I was digging around a bit more found within the make file of nfs-kernel-server a --disable-gss switch is used multiple times. So I am guessing nfs server compatibility with kerberos is intentionally disabled?
Looking further and searching make menueconfig of the openwrt repo I can barely find any other explicit mention of gss or a similar thing. But doing a grep -r -i 'gss' package on the repo I managed to find some hints about auth_rpcgss.ko and rpcsec_gss_krb5.ko within the file package/kernel/linux/modules/fs.mk . Searching those on my openrtwrt 21.02.1 router I managed to find them both at /lib/modules/5.4.154/.
Furthermore I searched for --enable-gss and it turns out that build_dir/hostpkg/libtirpc-1.3.2/configure and build_dir/hostpkg/nfs-utils-2.5.2/configure too contain such. but this looks more like the client side to me?
At this point I am feeling weirdly proud of my self for tracking down this information but it does not really benefit me anything...
Could someone pls share any guesses on how getting this to work? any hint would be appreciated. Surely I am willing to build these packages on my own but I don't know quite how yet. And more impotently I don't know if I even could expect success.
Hi Nocte! I do not have much to add content-wise, but yes, it seems overall that Kerberos support is disabled on the server side.
I suspect the missing binaries I mentioned in the linked post and the compile switch you found are not the only things missing. At the very least, the kerberos headers will be needed during the build as well. Then for running the server, some additional setup will be needed.
I would in your place send a mail to the maintainer of the nfs-kernel-server package, who probably can at least point you in the right direction and save you some time. Good luck!