Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

A CONS is an object which cares. -- Bernie Greenberg.

devel / comp.protocols.kerberos / About the purpose of client host principals for NFS

SubjectAuthor
o About the purpose of client host principals for NFSMarco Rebhan

1
About the purpose of client host principals for NFS

<mailman.4.1696706501.2263420.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=380&group=comp.protocols.kerberos#380

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: me...@dblsaiko.net (Marco Rebhan)
Newsgroups: comp.protocols.kerberos
Subject: About the purpose of client host principals for NFS
Date: Sat, 07 Oct 2023 21:21:23 +0200
Organization: TNet Consulting
Lines: 40
Message-ID: <mailman.4.1696706501.2263420.kerberos@mit.edu>
References: <2245400.ev0DxJNslZ@invader>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3695493.AgQMKszzaT";
micalg="pgp-sha256"; protocol="application/pgp-signature"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="17403"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: kerberos@mit.edu
Authentication-Results: mit.edu; dmarc=pass (p=reject dis=none)
header.from=dblsaiko.net
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.9.3.17
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1696706499; cv=pass;
b=uelskhv3O3ZRcoqzrWOxrZZxKFHCT/OjptATJ9ySfFwCtob5S8trTy+VKsRictWb3/kncewVfs9FAGdqKOhXM387+uoJ9GxYWeAS21fHZZipfsqgGeKMbXuEhvLWjvBTuIJzNB9LERiXm5gN/EMBtXZFo4211xsqMtCuYKasniyfDNHaAk0iNr//TdrNo92yVtDVovgFIsWM/A30P5hYIqBMmn8Okf2Ug5LZqMOhE3iA+UhqtohGsf1RMKBP1A8Vh0y+KzP4Nl8BUwPJEzp7yeAgu6XPBRRs4442Dg2zX43Ada8RnO76Hp2pAveCCcKwrg0DDWDOAEpWSnoxkQjr+g==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1696706499;
c=relaxed/relaxed; bh=2fQjvYklBiKHEy984NHvcI4jZNgxCaAfCfUuo8SAzRI=;
h=From:Subject:Date:Message-ID:MIME-Version:Content-Type;
b=YxKorGicDuS8JIezvSAYmOLiVKSJIoefbsWJS/4wSJXhJnRIoRLr4eCozIc78pBpmvWRBk3KU8VPb4TbKwEw/jTyorAKNxUT33q451pPn+YdPY3J67LfB4S1mNrsuLqn1yxv0A5dc/Ujs81UhSJ5dKuzleNYx2nWg1ty7gZ5CeFy6rntCvpPksLdM85EwWXo5fDHKkSQxW7EXu3IQYY59dCoKMnM+V5f3kOddmVPAkJiXjoZY8bS9KGKjYL6NlIqEfeMZjqDLTu6dR1GGoYQWuYBU1lNuNC5M61Ox6u5jyIicptAGg8CdF5L52j/gmc1KmJU5TkE54lo3NK0LBRZkA==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=hvEXy8c5;
dkim=permerror header.d=dblsaiko.net header.i=@dblsaiko.net header.a=rsa-sha1
header.s=ed25519 header.b=zwHxXfbH; dkim=pass (2048-bit key;
unprotected) header.d=dblsaiko.net header.i=@dblsaiko.net header.a=rsa-sha256
header.s=rsa header.b=mqllRI5t
Authentication-Results: mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=hvEXy8c5;
dkim=permerror header.d=dblsaiko.net header.i=@dblsaiko.net header.a=rsa-sha1
header.s=ed25519 header.b=zwHxXfbH;
dkim=pass (2048-bit key;
unprotected) header.d=dblsaiko.net header.i=@dblsaiko.net header.a=rsa-sha256
header.s=rsa header.b=mqllRI5t
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=BS1wkKRHLKgzOVEX0wuFHWclB69AQ5l3ziXhPgodwEecW2chwP2UGSa9XIQSiazr8d6tixehAKok/TFWXQuM/y4of6XNCcrV4hdyCD/MrpH7n7A1BRJcdmEK7BnRava+ut5QjXlBoVxwxYgZ7msKYzoerd3wmmJkyi9DXQze5pgxnPUZSr8JyguJImYg3kNvRjFD6PYyYUoXD5/bKMKKDbOIjFxYGKgq49sks4dqOzL1b5sGW8UvqIXBVFQdjwveTaXNr6OFJm/24x/GFm7SdeUUP9+NYXpgPJvjLT/IYuDS7BHndnFG95V0v11evw03eJfuxH9x8DgnG45YpQNlOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=2fQjvYklBiKHEy984NHvcI4jZNgxCaAfCfUuo8SAzRI=;
b=gj/YLrmybolZ4N02uT4Fjgr/fLJ/fX5Z43zB4ooY3j+wxiytKN+fJIv55Fn6ypDTEW73bazjMRjx4pWO4y0Yr82Gb5/aZ0s6lJ7YABeSvLddqRNAbCTL69gPpUeCQi8E9wnrLm7OBGgAfOzvb9jHkGEgflSNISt/oMr5xdYJdXw22m2tt0iNhB/7unwqgK0znoAu5oYN5/bU1M02rNntQHvEvKjhdtWhtMENCd2oSDim7F8Aei53AiegumQoAU8T+0K8xvRciMSPDL2dx03qkm4UHDBENJB/wXOpx7BuYZnl8Kkx7QBb4xKbtgJ63rKHqvzX7cr0N97X567iAbrohA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
135.181.103.53) smtp.rcpttodomain=mit.edu smtp.mailfrom=dblsaiko.net;
dmarc=pass (p=reject sp=reject pct=100) action=none header.from=dblsaiko.net;
dkim=fail (signature syntax error) header.d=none; dkim=pass (signature was
verified) header.d=dblsaiko.net; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=2fQjvYklBiKHEy984NHvcI4jZNgxCaAfCfUuo8SAzRI=;
b=hvEXy8c5g+MH5SRjfJG8igBMVH4MjxcOh0xSy8eT4OvsvPh4OEJn0UQ4vWEXrNSAnhnHpTI6HUi9NeR0/qbUi6NycJjf8qrAfXJqlSbVpRewNbA5aMeZ2RolhNB/aud08I0rXq3b1yzuar7JmQAe/ITu8gIq0OizNP9WoT69x2c=
Authentication-Results: spf=pass (sender IP is 135.181.103.53)
smtp.mailfrom=dblsaiko.net; dkim=pass (signature was verified)
header.d=dblsaiko.net;dmarc=pass action=none header.from=dblsaiko.net;
Received-SPF: Pass (protection.outlook.com: domain of dblsaiko.net designates
135.181.103.53 as permitted sender)
receiver=protection.outlook.com;
client-ip=135.181.103.53; helo=polaris.dblsaiko.net; pr=C
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=dblsaiko.net;
s=ed25519; t=1696706493;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:autocrypt:autocrypt;
bh=2fQjvYklBiKHEy984NHvcI4jZNgxCaAfCfUuo8SAzRI=;
b=zwHxXfbHpgXn1hysiv/EmjFpkIvpOj8n55s4Gz0Bl25g8OvRoS1eoYwBQB/CraNlX4pT/v
Kv4pxYyjW+E9IRDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dblsaiko.net;
s=rsa; t=1696706493;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:autocrypt:autocrypt;
bh=2fQjvYklBiKHEy984NHvcI4jZNgxCaAfCfUuo8SAzRI=;
b=mqllRI5tDBRUBNNe6VV6F8EeLNVqslFIEjsGX6uBB3HsCEPWvjjjJN1bzolTqv0Cro/aFC
9cl8LVHYeRxs+PAuIh3YGdThcKwA8QzIKZ8ZZESAAqTtLgyJ6x17ONvpqLJ5fR4ZmG4HpR
k14I3pUjMbAaok0F4OL1ju/mxBgEF+28t+JPnt5rNgmzx8tEUHp8kzjPp7jvIa0uRBckv+
SFxRnWedd0subPRioscd5MFS9NyI9lxbUJEJYpeeC0NuyRADZGMT2QYBuqUxXn/vheOtbg
R1EzqpJwHXo6Qob3bfQwmuWKJDRUpyt9qOlWlBFNps25SlJUO9UuJa4hvWTMhQ==
Autocrypt: addr=me@dblsaiko.net; keydata=
mQINBGBQb5UBEAC7DSRw55LddzdokBirJ0HcQFXq7XCtlzfftNuH14RphMeSblvFHE/dcxWT8Bo
QXxDBkHtpPt/b1G8DHFi8KchUJLMqcBHZ4BtZGp1hoBTlCjeLvsNdkJiDe5EbYJ/GJR4hebEWWQ
mTKwzpjarl68NSurxMW1oZ7t9jLo6DKl+RhoW/ow+zZgxKThhr4CddnLdIaaoun/t5oVXGBKS8M
1tm683vb/FBO0gucegAdN37H2H+gj7XHqnhmm+WTH9DhF7elN4Zk60rdH2XaPQHLAlWcX+eFk3X
js70NRwxTWXJTfb3hG6E8M83F8QtWknnyrJLyMgG2Hidym+2yBLAhbKiGAVGEyUBTdhTxypHSmH
RypfEMsQCQRzmrbRoI/9SkeTrowvALQ6DKjcgQ2RKAmL9uGS0rUcJlonGoQVEuVTLCU320+4jMH
FaVF94nljS+8JfdIU0Z8KGMNPZQ/RaomkOWmq7DWhVD3xS9byjdmpxsOXpPO7N3otuqvw7lVbBg
ddEb3kxH/x4zKlRVLDjiaBRKeIM2ldd31rNdHahLFdt6E0vGn2c4m3HpxKiGEn51EX0nff6DinD
1b/dAGM7nVjuXarNnJVmaP1IGMvRJU8ciYOoI3YRzY5nluYvphYUY0TTvSlpuqaj11vxgkDExV2
qAq6C2l2CLFFRmeAinXzQ2QARAQABtB5NYXJjbyBSZWJoYW4gPG1lQGRibHNhaWtvLm5ldD6JAl
cEEwEIAEECGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEWIQQKbn31BEAjVwYm1jAyOwGUL
J4P2gUCYFDJsgUJJZhgHQAKCRAyOwGULJ4P2gFPD/wKbl0iiXGgxQy6jQZTAa0nITG5V3dt4eGn
IOnefphNBoI79RreGa8V0mKQuwe3IlqnxmExf/SzSVsy8+q1xLDOC/ZE5Fi5a8CPsWdRWecAot+
c95+sjlsRbUXyjYYR4d3wV7hmWM24mqtN9zcFYsLow/c2YgK4DmDRAn6Mh/Fdme9ln+PJO17k8O
S6YDwHFmbYB3E2XRkvSN7w4aQA5tiG97++uX1zJlg/2Kq5rJx19r83qgBM4sU09lzwoE3I+0Va7
YiNJgVsdR7RGXeFw2q3Ht2cVYeGKjZzAoM/Nq0LtKE4+BemwGRnVDh26w2ZgY9izBglK7Vq6Lbd
a4dITmZQ96jZ5y2vE9hRslWimlXKETc3jn9JLQ9A/xIoiit4z7y2KyetWGuAlOfWdngqnuKJcaX
uczEWIX01Ai33s892aNxB/PfiwqHrL0qqw4WyRc+WWRhTzSD43OXdIJK8xbYSJIkAk/Bi2Cg7Q8
P9Xociv2E8TOn6UaeRGTL+a7HDGHmVdEBUK05B5cyRLzPD0ywHVp/057EGbtSi2PjGsMcrTBUyY
vtLLPT4D1D4Q0qdPMx2l0W2yturHZ1ohHnbwTs86wn4Fhkvkn5I50hMpuRKKrOKP6KKHhfKLVSq
D9H5Lq6HZ/zrcjGiGC6BRhv8PBX/AhnYlaHMdArU+uWffOHtvLQrTWFyY28gUmViaGFuIChHaXQ
gZW1haWwpIDxnaXRAZGJsc2Fpa28ubmV0PokCNgQwAQgAIBYhBApuffUEQCNXBibWMDI7AZQsng
/aBQJgUNYfAh0AAAoJEDI7AZQsng/aovMP/iCgDjCNf8qEMdBINK2JhUOkCkaE4l11KiypMyvdV
pvuEY3oq66bvMEJU4XQ+t8xOgs8RqgPfrjamy1kjDXF+9Iori+6QhfL52tN+dE2VmWeyj+81jko
OMlIRZBgidUNMHT8OAckgN8vdi+WisGFvYnzBrtJCgZLIfyw5Q5jy/TQgXzs1Rrht0dh0HtkEXq
aioX/lJtN1rN+BxHUzu0fNMR0l5S3C1dOxbBjvUSAk/xtrzgHHff7vY+10O0xCWNwv9WYAyOLeX
HtpxFAmxfPpHP9TXC1pCUWv/jBqW09Kj+AzkTSvoJ7WZw94OzphalQuTcpUAR/BiOIAwyfYIK33
rHWylK1cV1ocq7RPi+ZZBrT2Bim8o/JbzG9Td6EjEzjNs9WpStPyvXeyhrum4lRzOZajEFQSuwY
oceim5Uri/ilfDvk9uqRCmki/18Pu3qd3Squ3nai1pQMxIA8nWUP8ahRnkC4OTcRXpjXXvTlpSX
WSwlIbeckrcMOGPSwIfJjuL7r1eozN0xnTiGIRGs3jHic8w+/JWkJsqfVJe+crnUkoPt7/Iny1C
lrLim4tn9YvALP+5NmmmAB2lWzu4kcYrUyesxcqYiWnlrjSANpyMuf0wP4ZLYS9Q7qPG0Su2lK3
F7L+tS/FxfiIuZ0hASuNjfK7GgB3HRPaW50bmj2z1NeiQJUBBMBCAA+AhsBBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAFiEECm599QRAI1cGJtYwMjsBlCyeD9oFAmBQybMFCSWYYB0ACgkQMjsBlCy
eD9rhBQ//Wn9ovvM6Ax47kz11n3r+hWliXKeMDhXXGiizv2Vd1xt8DOLQS7aaUNYnPxfvA0dyuD
5TsRjUwmAJAhTNO/7krPwgpfPESLYoHJDiwJ5viE5IRvUe39Jg24tJxeAl77XfM8ROlSCZ6S10B
JzVIJncuhGmoMeeSO1if7H7BbvxaV2MTrH2xYRGFaOpBxHvlF+A5D8cPbV0wP8E+3MuKi4mmCU3
mLy6R/xgDCHFdfr3UmYohstbbLFrjhwGpaxRMq0ttE0QUaOGEvvsFjoTKhHm8PI5tVJKuDehO8+
RJK/uaGtcrWE5+WEC/G77NlAfkLyLO7G3oXlWc3S2215fN6b+R/hli4FPbQ0DhXERJiK2iHHEoo
oBK9fW1L7+PJKc7ShVVQpQVLzUmLw57BOb7iIs9TabsXWbSqi+tapFEwZPDcRr0XCwyXMLyf5rl
NHGZ8TY8x0+Rhi/ReyElGGMTrig/6DJgzWQUZkGaufdVqMcFEzf0Se6kIUNmOrpnwIkKnlDg4uo
xm/eXAlGBznJQVd9KzpdrUc4JkNYh1m+FmwVdMzskqrmLipW9zCkkrAnCiY2fW820aWwjuDfWlj
i5CY7sUOTUHUZ0FhGSapx/fYyq8eDVMb3Eg3lSUZ0Pu/TERySsYRaV7YA3p/vgKnG196fWwCXMV
Cxk9Ipo+VHhf03yJi0H01hcmNvIFJlYmhhbiA8Z2l0QGRibHNhaWtvLm5ldD6JAlQEEwEIAD4WI
QQKbn31BEAjVwYm1jAyOwGULJ4P2gUCYFDWRQIbAQUJJZhgHQULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRAyOwGULJ4P2p9eD/9DsnbYG3dWrSlt/YzFqOgH/Ti5T1PeGIAxu/H9qGHO5c0UvD6
e+Bn/aIDNaOcGRXU2RLuqD3dJJATVw8POUVwaZKNFyZjI+jfqUSV8Qc4v3nOplEu2R3KiHiLW2M
3K+3mQ7B1WzovDnlxEf11tIdqFaK26H6ZlA0Azv/AIWI1yK9LBELtBr40FAezg3b2RE7RZInUEY
VrsJPv3MP6ckQu3UuVMjc2ovnRFPEDosgJ6JFcjrlg+8JF0yYmr56eInGKFcRbvvdF7uVg9fX8Y
fBXIXASpZVwWU/C1rIyGeS6/JMu4gE8Z3aV+lg1j9xYdFKJln8ZD5b2oK/e+IfM758nUXDDpcZo
pEZc0zHVqVGKTYfnoNRE09SWFxRQqNy44fUY6kTuRhNXEahkK7xd9B3T8+8wROgNV1q/brDtUAk
QCUsA47msDN/2xtAlDSL/nIcXMhrGCQf3cvFvhS37SRUloZMoh8G9xFJhuRVOM2HZW9embF9nzG
uU7oMZSCl5pi6NOUSy0oDv+JRq0TC1OogFqWeHaX+5F+Ul8t/nNLcqPDRjAn+I03dYRE63dqlr5
RIe46aVdFtGxuBQp3FxV7Z0xQYRaI6RlQ1QSluIkjC4GD+FSfwFAIdf4y+7SbFZ0tlPkNbzqhK1
yiJZkA1whTYJXqJT/qkLedp6mg22FxoPEQbkCDQRgUHFPARAAxRu3AdPXxydlFPTtExxGbURaBG
zlD+kWuGdJcvDhRUd2eo+X+hPMeMThq5BgHcn1HXMBPygBseG2zap9qvpCbF50ay9Od//cqjs0T
5SAneVL41GkGcLReqkL6Vtji9VSI/1kToBfKu4aRuOckjtWkwkdJDnGAwBhetDdlJi3o4tb/fYf
T3bKrtKcbp8qIFG36ISKQHe9C0mfop3pqSF7iQtS7jANxV817/ciLGwLMUwcyn35u0IqxkcJTXo
CuRvh4WmHVp+dFmX9Gw5HUralZtF0Z+5NFpETGpW+oTzr757semXYk+YQ7kf88sImTc6AzurE9b
qAS1g8tnO8pI6zIgvgl7Ruz0NtC6DAs4yEiu78BadTsI1HOKAm9MEM2N1n8kJsq0VXn2pYyVDe3
GNJ+RRO+K0mXNZavDo5wtOznsWaNO3TTDbJHScxzl7xDSY2eki+PUidEzW0V80fEN0C0dh/mke9
me5uHZZb0UWmxKVW4l1jWrOY1B7oY+qRLg7HisGjYv3Zyq96g4rXlWoZflLvazN7q1Sizi+JLWM
E7dW42P4AtTF74XnX1pi/Y8xKxINCAz7j88AsY3ZmEJSYzBZ6ABIycaL0cFsQ9qkOG1yQuGdGXC
gcGlbdjDguRNZr437c0Vzfg/DC5f5eiNj6WJjWJl8jTzr+GGgzvw+AwKEAEQEAAYkEcgQYAQgAJ
gIbAhYhBApuffUEQCNXBibWMDI7AZQsng/aBQJj2OEpBQkLDT3aAkDBdCAEGQEIAB0WIQRS4Dlf
T1tpTkZ8tjHI0PvjgaKdNgUCYFBxTwAKCRDI0PvjgaKdNidJD/4oZOgy2TU7/q1i1jKD9JINEq8
WoBkuaxK4XLiKyN962uMbX3sGJ9+XMI/ntdF8AhybEmu37GoQF1zXpF02Dmpdy/9jG5+UEdNTRp
y1StRAhYbtzyAsg4y16kciz+fTjocarPTcmseUOezjmSfppUSbH6IALOXSRqYcfmqpzisU2zgbt
tE9efcvGdYhaAAyNZUCh2hLEITYvbFhT/lgmVFJ8j+YR5LohUKDR1tvFOJOfRoWRMOcA7qttwHN
/705GzA0XGc6bkAdZp65mIQxZykX2ucwzdGEIRjYlkUEVG+QhF16Ijf0utTYim9hwEZZ1HCl2Kh
4qWdrq0zMxVv+0EGcfW/JWqd8p9XYbPLwqO8mSc6AXlkuznQHoq4pKCMaPHKSjxWkchCWP479sl
nVm0nZEgu/ie21M+/Udwt8wyahiDtfvMdAtCGhQJwimpMPHWkQO3LT8Lf4kJZcNdOT6mh1t9nyW
4DdBr+AUxH+PvKSfjPpXxm5ucxl8z8StqtpWRPU7Uu5jaxHGHN77jtHk/aH6fAUZ6QvVMNKnTfA
xkh/h2ewbvfRy3hYFOFm2dFA8EUEtuBSTPTBkE38AR3F1Qc4NSlu1aLiZQ8xjnri4gJ30lML52Z
44d8B2FT8Fxo/eVDXjHVO6cAb6kGRbXVMyAEfZl1mK37XhMjPXdethtcZjAkQMjsBlCyeD9o3/Q
/6AopMTEW69Deh9NQF4E3EFdFGU3wpY6aS+bD7SDL3FMCTM+I7XyXoRao/rT8sbuQ9RflOy3lyv
0IVdPUskRY4ugZJHmbQ6b44wGl3izhcoxj5kopVC2qOv/BQVwXLugHUFTlsAl6li3zkMrvC/vsT
FR6nclH1TrnwinGCN5Lu+PAvBp/XoF0D18m3qyF9yl/ganvFWrxnNHGu0U9E142jl7tBZoWbU/o
OuhdcEWYZypZoUwYxSWOXMpSl1Fg/CHHzpNCN54FehiGj4+tvJMW7QOK+ai4MvREfrlHIuZDR3g
2MxInrFBcd8pnXaxVdiXkGrzmQ+i4FejQfZalaVM70f9NoGagkKprk5Gj3RPvzg9vlcglgqc27d
PQLuwuWL8EMXkZfZ+jqncTufJoky9BGDytnImusEvIeFDlHwjJY8u9tpmO3wdE1Fm3PKFwxsKb4
5po+oUsoFB+s+eQit0AwqvFdkFzDBDlPtB7ybqGQM6/M9Btc+sdyPVOx5Hqc5waQz32p4bnlcB/
pMx4UoKjMZeU5kQPRleZxetLjhlFL4Ub4rWFAA72FTEg6RZHJoZYehNkvzYR3MXutuyGNGl54db
k0h3zHj7jeQtHXn56IGsh2eDol8Y5YIV6z45rtDFVa3fmf+zKGpBgWbkmmsVMEg5C4HanqTF8zH
15dK+behua5Ag0EYFBxXAEQALx/voAmYR2m9rK9wqS1qkrfYZao58x/iWzNZzfl5w5Eil9XAFHn
JpIBXmjLikMNwN7uqjnFrt/OONJBOiO90Y5ADtjFA3VYJr47v0wSEQD8Qsvw5++cwvyQm/wBFuL
y+ikjx/9B9PKJIXmmMpzTT424BwDW1G2aGJ2nR7+yw8kPu7radOKXMMJE86INAzECAwlmnGledk
p0PgpTaiM4x8sO4QE2XeimcH33PqhYCg8u1ZWUPAI6a5a/71fRm9Us9rIEMUbm8Zq2ZJkmB/G7S
zAafXN4ss3u1oGI8MZXB6lxieGHUATpaza058EjkprLl4F99J5VsGGFoYBSIPjIbi6A9ifSm1mO
nwH3KjMin+qLHZsUDKYcz1TKrLQ8G/qwcCv0s3IDCiC2ETZ4fOmK30SqSZ6zT+L8sBsx6zj7FRU
W1+yziug4BxlhNjtwas1W+xxZyR2tHtJuGnXsk6zDH2jIsO+aHCEw5F4tcDXaa21vFk0gkE+nSZ
V9uIScN7r6ET4qx7SENcOwhS6PGI3BjLke/svoUVluUEggNPhq3/iOB5XOAHWcAyZPRxmRTDRzL
2ASkOUksxnbwfBcuPcec8nb6BE493Vo0eijpVRV6+PtsCZVyg/C+SfO20ef0ReAFLydzfR7UBwQ
8LM7BNLwJlXD0T91u4DQY6ZllJSgD12hABEBAAGJAjwEGAEIACYCGwwWIQQKbn31BEAjVwYm1jA
yOwGULJ4P2gUCY9jhPwUJCw094wAKCRAyOwGULJ4P2jqBD/sEWdLPzM94F92eySRYkOrnxFd66R
lbXg9LXPNj1vguVxYGZn3K9+ZuTbZq8drQhsYHOLFJwvRlrDduQZXGiRIcrKo20AU8OTKuoWCSS
W9YEP7+kys9ei8jCm47P47IB+5KQiAkrEe6p9FiYtdm5WQPiZFRXVRxlHa4ZrjdN4bR5apSSJ8x
Pu+4cSahFmBqC+qczlh7dMjK4mlES7UpzuC9FHTnla7NwuoWgndXwZgjyTQKBpBoLJtdDMSDaMI
y/fPPvrD8j8L34a9T15zsvXE1wMvB5m9MgVerXAsxfIRuCGv+1jihfj0fHcEbd81j2ilfjj/rRg
6BUFq08Q2gn/eVOhxHZelTZC9p6GRA1jdEluRQwN4rXTUC+Zb3jHK6/y/lx1fYap3C9aqhK1XvN
6zKhlaKqaT9YQUNusfr/rPLwBlDe6ovpesfiOg5c0cMYOYMZYLvNgnJIbij7lMhGwMyLOGntTu6
tapwA+eHpxzPIQ3hERl9CKM/lpQmsFkSm1Gb1Xmu5IuY+RKafFVpCKKipiYj8OVhOXgjOwWpEFj
YeqT8BdMpVqcxTKHBczhZGcc2jHrnLGBbMj5+CZbgeY+ElICxNjIVXxrGD7YpalipKvSsjXMw/W
mWB55Lw2Sm1jFQCV4cyJiMgMMmmwWfV4w+GN/53TcT2DP/Ph9s5Aqe1w==
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF0002636A:EE_|CO6PR01MB7514:EE_
X-MS-Office365-Filtering-Correlation-Id: f140b5a7-9db8-4504-5f1d-08dbc76a9f19
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: adkCgThJCcSBWtK/SVCuGdbJ0LOKynQKTkPlDmxoLqd35gqa6qmiglUPPKeEt6FLB7r80AQK6y0vTvOKn6S//mie+UlOQo8ChQA6TtwRKuca6LvNZkAV3lZFMGPYw0Gcq1HxApYM3q16tvCENA0ILDmJNR0+DQt+ZMkkPGa76xYUrxvZkOawEFOUmMhi9taV1dPCtwgfKQeoW/uiRw9B8KxeA/DrvjI6ujLU9oYRLXzWyVLJ4RnW1aQwtBADUYRZxDNTwErL823ybo5mLj4ng+q6A5BGpNhyacfn7aDg1SUhEZWJkX5EKajMfxM4+NONmMr1Ho66PumrFknSA+TtsLZW4EGiFfeQ26c9Mk1Q778fq9fRW0I2FFoPaXkta8rdQh14zF9DttqL7j3Zsitzn+Z86Pszu0YuJ9RTjVScmIRmtpqJbsOV348Ryjp2eqninxVDujqCV9NzGKBxi3VW6rivcCsYynPEXYsuBFz8LB1MpAHCRjeaENhGW0Y8auIsUxcne3CehKjEHM0I609g/IWb/uzUj4Xiu0frKJtJle4gzLzwo/xnCrXmfhC6Xi40p9OLgeNtCw/XwdxsVtKKq/JNsdo5Yeq8kHHCAGNY+Ez8nL/yb0EDYeQE/GWfRrXzMfxlgxLJvqC+cNy7nJQ9jCUv2gbfEyUS/LAoY0hf1KGs3LYroYo4EYgE0v6Nq3TiN1zEEE57jBuVRUn+vnwe9A==
X-Forefront-Antispam-Report: CIP:135.181.103.53; CTRY:FI; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:polaris.dblsaiko.net; PTR:polaris.dblsaiko.net; CAT:NONE;
SFS:(13230031)(4636009)(136003)(346002)(396003)(376002)(39860400002)(64100799003)(451199024)(48200799006)(61400799006)(7636003)(7596003)(356005)(86362001)(33716001)(2906002)(9686003)(966005)(498600001)(5660300002)(6966003)(8676002)(34206002)(6666004)(83380400001)(21480400003)(426003)(336012)(6266002)(786003)(42186006)(70586007)(68406010)(316002)(26005)(39026012);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Oct 2023 19:21:34.9476 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f140b5a7-9db8-4504-5f1d-08dbc76a9f19
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002636A.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR01MB7514
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <2245400.ev0DxJNslZ@invader>
 by: Marco Rebhan - Sat, 7 Oct 2023 19:21 UTC
Attachments: signature.asc (application/pgp-signature)

Hey list,

I'm currently setting up Kerberos for my home network. The main motivation was
to get secure NFS, and as such I've looked at various guides on how to set it
up for that. They (for example, the Arch Wiki[1]) pretty much all tell you to
create principals for the host and NFS service for both the NFS server and
clients that want to connect.

However, after setting up the NFS server and my Linux PC like this, I tested
the whole setup with my MacBook which doesn't have a host principal or any
other krb5 configuration yet (it can find the KDC due to DNS), and to my
surprise it can both obtain a TGT for my user and afterwards also mount the
NFS share.

What purpose does the host principal for clients serve here? I assumed it
would be either used to authenticate hosts before they're allowed to obtain a
TGT, or authenticate for mounting NFS shares, but clearly that's not the case
since it works without. Is it only used so that the network share can be
mounted without a user TGT?

Thanks,
Marco

[1]: https://wiki.archlinux.org/title/Kerberos#NFS_security

Attachments: signature.asc (application/pgp-signature)
1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor