- Notes, cautions, and warnings
- Additional Resources
- Overview
- Create NAS servers
- Configure NFS Exports
- Additional NAS Server Features
- More file system features
- NAS Server replication
- Using CEPA with PowerStore
You can configure the NAS Server with Kerberos.
Kerberos is a distributed authentication service designed to provide strong authentication with secret-key cryptography. It works on the basis of "tickets" that allow nodes communicating over a non-secure network to prove their identity in a secure manner. When configured to act as a secure NFS server, the NAS server uses the RPCSEC_GSS security framework and Kerberos authentication protocol to verify users and services.
If the NAS server has been configured with NFS only, and you are configuring Secure NFS, or LDAP with Kerberos, you must configure Kerberos with a custom realm before configuring security in PowerStore.
If the NAS server has been configured with both the NFS and SMB protocol, you have the option of using Kerberos that is inherited with AD since the domain joined SMB server exists on the NAS server.
The storage system must be configured with an NTP server. Kerberos relies on the correct time synchronization between the KDC, servers, and client on the network.
If you are configuring Kerberos for Secure NFS, be aware of the following: