Share via


Using Kerberos Authentication for Server for NFS

Using Kerberos Authentication for Server for NFS

It has always been attributed that the NFS communication is inherently insecure and that's completely true. There are certain security options but they aren't enough to protect the data from unauthorized access. Fortunately, the NFS architecture is flexible and it allows you to plug in additional authentication methods. So, we took advantage of this fact and have implemented options to use Kerberos authetication for NFS server and client in Windows Server 2008 R2 (and Windows 7, but just client). The Kerberos flavors that you can use are krb5 and krb5i.

Now, there is also a tutorial that documents what you need to do to use Kerberos authentication and what changes are required on the Active Directory side and the UNIX clients. You can access the guide here - https://blogs.technet.com/b/filecab/archive/2010/05/13/using-kerberos-security-with-server-for-nfs.aspx

I believe the same changes made on the UNIX NFS servers would also enable Windows Server 2008 R2/Windows 7 client to use Kerberos authentication when required.