Managing file storage

Acronis Cyber Infrastructure allows you to authenticate users for access to specific NFS shares via Kerberos.

Prerequisites

To enable user authentication in an NFS share

  1. Assign a forward and reverse resolvable FQDN (fully qualified domain name) to the share’s IP address.
  2. On the Settings > Security > Kerberos tab, specify the following Kerberos information:

    1. In Realm, your DNS name in uppercase letters.
    2. In KDC service, the DNS name or IP address of the host running the realm’s key distribution center (KDC) service.
    3. In KDC administration service, the DNS name or IP address of the host running the realm’s KDC administration service.

      Usually, the KDC and its administration service run on the same host.

  3. On the Kerberos server:

    1. Log in as administrator to the Kerberos database administration program.
    2. Add a principal for the share by using the command addprinc -randkey nfs/<share_FQDN>@<realm>. For example:

      # addprinc -randkey nfs/share1.example.com@EXAMPLE.COM

    3. Generate a keytab (key table) for the principal and save it to a directory you can upload from. For example:

      # ktadd -k /tmp/krb5.keytab nfs/share1.example.com@EXAMPLE.COM
      
  4. On the Storage services > NFS > Share tab, select a share, and then click Authentication.
  5. Upload the keytab file and click Save.

Each share and client (user that mounts the export) must have their own principal and keytab.
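
A pre-upload check for the keytab from step 3, as an added example (not Acronis code): it parses the keytab file and confirms it holds only the share's nfs/<share_FQDN>@<realm> principal with an uppercase realm, without ever printing key bytes. The function names and the sample bytes are constructed for illustration, and the parser assumes the MIT keytab format version 0x0502.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed byte string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_principals(data):
    """Yield (principal, kvno, enctype) for each entry of an MIT keytab (0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    off = 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                      # negative size marks a deleted slot
            off += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                             # skip name type and timestamp
        kvno = data[p]
        (enctype,) = struct.unpack_from(">H", data, p + 1)
        _, p = _counted(data, p + 3)       # step over the key bytes
        if off + size - p >= 4:            # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        yield "/".join(comps) + "@" + realm.decode(), kvno, enctype
        off += size

def check_share_keytab(data, share_fqdn, realm):
    """Return a list of problems; an empty list means the keytab fits the share."""
    problems = [] if realm == realm.upper() else ["realm is not uppercase"]
    want = f"nfs/{share_fqdn}@{realm}"
    names = {name for name, _, _ in keytab_principals(data)}
    if want not in names:
        problems.append(f"missing {want}")
    problems += [f"unexpected principal {n}" for n in sorted(names - {want})]
    return problems

# Constructed sample: one entry for nfs/share1.example.com@EXAMPLE.COM, dummy zero key.
SAMPLE = (b"\x05\x02\x00\x00\x00\x59\x00\x02\x00\x0bEXAMPLE.COM\x00\x03nfs"
          b"\x00\x12share1.example.com\x00\x00\x00\x01\x00\x00\x00\x00"
          b"\x02\x00\x12\x00\x20" + bytes(32) + b"\x00\x00\x00\x02")
```

For a real file, pass the bytes of the keytab written by ktadd (for example, /tmp/krb5.keytab read in binary mode) together with the share's FQDN and the realm entered on the Kerberos tab.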