centos – 为什么mount命令中不需要’-o sec = krb5p’?

前端之家收集整理的这篇文章主要介绍了centos – 为什么mount命令中不需要’-o sec = krb5p’?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我在Centos 7上有一个nfs服务器,在/ etc / exports文件中有这个:
/ export *(rw,sec = krb5p)

当我发出此命令时,它按预期成功安装:
mount -t nfs -o sec = krb5p server.example.com:/export / mnt / export

它还成功安装以响应此命令:
mount -t nfs server.example.com:/export / mnt / export

在这两种情况下,运行findmnt都会显示正在使用sec = krb5p选项.在第二种情况下,mount命令是否有隐藏的默认值,或者客户端是否与nfs服务器通信并发现sec = krb5p是唯一允许的选项?

RHEL / CentOS 7:默认为AUTH_SYS.

RHEL 7 documentation开始:

sec=mode
    Its default setting is sec=sys,which uses local UNIX UIDs and GIDs. These use
        AUTH_SYS to authenticate NFS operations."
    sec=krb5 uses Kerberos V5 instead of local UNIX UIDs and GIDs to 
        authenticate users.
    sec=krb5i uses Kerberos V5 for user authentication and performs integrity
        checking of NFS operations using secure checksums to prevent
        data tampering.
    sec=krb5p uses Kerberos V5 for user authentication,integrity checking,and encrypts NFS traffic to prevent traffic sniffing. This is the most
        secure setting,but it also involves the most performance overhead.

Ubuntu 16.04:谈判.

来自man nfs:

sec=flavor
    The security flavor to use for accessing files  on  this
    mount  point.   If the server does not support this fla‐
    vor,the mount operation fails.  If sec= is  not  speci‐
    fied,the client attempts to find a security flavor that
    both the client and the server supports.  Valid  flavors
    are  none,sys,krb5,krb5i,and krb5p.  Refer to the
    SECURITY CONSIDERATIONS section for details.

OSX 10.12:谈判.

来自man mount_nfs:

sec=<mechanism>
    Force a specific security mechanism to be used for the mount,where mechanism is one of: krb5p,or sys.  When this
    option is not given the security mechanism will be negotiated
    transparently with the remote server.

猜你在找的CentOS相关文章