Hi everyone !

Right now I can’t decide wich one is the most versatile and fit my personal needs, so I’m looking into your personal experience with each one of them, if you mind sharing your experience.

It’s mostly for secure shared volumes containing ebooks and media storage/files on my home network. Adding some security into the mix even tough I actually don’t need it (mostly for learning process).

More precisely how difficult is the NFS configuration with kerberos? Is it actually useful? Never used kerberos and have no idea how it works, so it’s a very much new tech on my side.

I would really apreciate some indepth personal experience and why you would considere one over another !

Thank you !

  • 2xsaiko
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    Thank you, but I will probably stay with samba at the moment which will probably fullfil my current needs and seems more complex than I thought !

    Then, take a look at ksmbd which is basically a mini SMB implementation in the kernel. I haven’t used it yet, but apparently it’s more performant and easier to set up.

    If you don’t mind… Can you tell very briefly what kerberos actually solves in a coporate environnement ? Please, give me a sneek peak of the subject that awaits me :) !!

    It provides single sign-on capability. As I already said Active Directory is built on Kerberos for authentication, but it’s used similarly on Linux, logging in to Kerberos gives you a TGT (ticket-granting ticket) which essentially allows you to also authenticate to other services like NFS, SSH (in which case it can forward your ticket to the machine you log on to), stuff like IMAP, even websites (though as far as I’ve seen you need to do some stupid per-domain manual setup for at least Firefox) without having to enter your password again, at least, until the ticket expires, or storing it anywhere. There’s much more that supports it but I’ve only used it for NFS and I’ve experimented with using it for SSH auth, and only for personal use, so I can’t tell you what exactly.

    It’s worth noting that it’s purely for authentication and not authorization, so if you want central permission management, something else will have to do that, such as LDAP which is also what AD uses.