From Fedora Project Wiki
(Created page with '{{QA/Test_Case |description=This test case is to run connectathon test suite on a secure NFSv4 root |actions= # You can run both NFS server and client on the same system or use ...') |
(Update minor wiki syntax) |
||
| Line 1: | Line 1: | ||
{{QA/Test_Case | {{QA/Test_Case | ||
|description=This test case is to | |description=This test case is to validates a secure NFSv4 root setup by running the connectathon test suite. | ||
|actions= | |actions= | ||
| Line 6: | Line 6: | ||
#: <pre> | #: <pre> | ||
#: service ntp restart</pre> | #: service ntp restart</pre> | ||
# | # If you have not already done so, install {{package|krb5-libs}} | ||
#: <pre> | |||
#: yum -y install krb5-libs </pre> | |||
# Next, configure the NFS server to find the KDC server. | |||
#: <pre> | #: <pre> | ||
#: cp /etc/krb5.conf /etc/krb5.conf.orig | #: cp /etc/krb5.conf /etc/krb5.conf.orig | ||
#: cat <<EOF >/etc/krb5.conf | #: cat <<EOF >/etc/krb5.conf | ||
| Line 25: | Line 27: | ||
#: krb4_convert = false | #: krb4_convert = false | ||
#: krb4_get_tickets = false | #: krb4_get_tickets = false | ||
#: EOF | #: EOF</pre> | ||
# | # Now, use {{command|kadmin}} to create the server principal. | ||
#: <pre> | #: <pre> | ||
#: kadmin</pre> | #: kadmin</pre> | ||
# Next, create an NFS export and restart NFS | |||
#: <pre> | #: <pre> | ||
#: cp /etc/exports /etc/exports.orig | #: cp /etc/exports /etc/exports.orig | ||
Revision as of 14:29, 1 February 2010
Description
This test case is to validates a secure NFSv4 root setup by running the connectathon test suite.
How to test
- You can run both NFS server and client on the same system or use different systems. Configure the server to sync time using NTP to sync the clock for later kerberos communications.
- service ntp restart
- If you have not already done so, install
krb5-libs- yum -y install krb5-libs
- Next, configure the NFS server to find the KDC server.
- cp /etc/krb5.conf /etc/krb5.conf.orig
- cat <<EOF >/etc/krb5.conf
- [libdefaults]
- default_realm = GREP.BE
- kdc_timesync = 1
- forwardable = true
- proxiable = true
- [realms]
- GREP.BE = {
- kdc = kdc.grep.be
- kdc = kdc-1.grep.be
- admin_server = kdc.grep.be
- }
- [login]
- krb4_convert = false
- krb4_get_tickets = false
- EOF
- Now, use
kadminto create the server principal.- kadmin
- Next, create an NFS export and restart NFS
- cp /etc/exports /etc/exports.orig
- echo '/nfs gss/krb5i(sync,subtree_check,rw)' > /etc/exports
- mkdir /nfs
- service nfs restart
- Download the connectathon testsuite
- git clone git://fedorapeople.org/~steved/cthon04
- Run the connectathon testsuite from the client.
- cd cthon04
- make
- ./runcthon --server <server IP> --serverdir /nfs
Expected Results
- Step #1 completes without error.
- The testsuite finishes without error; no nfs*.error files in /tmp.