I have a kerberized NFSv4 setup working well under Ubuntu for regular users, but I cannot get it working for root.
For most systems, I do not want to allow root access, but I have a couple servers where root access over NFS to this file server is mandatory.
I know that root on a given client uses the client's machine identity, rather than an ordinary kerberos principal.
What I can't figure out is: how can I equate a given machine identity with root access on the server? This seems possible under AIX and Solaris (with root= in the server's export file), but not linux.
I realize that I can allow "sys" authentication for only the hosts that need it and keep krb5 in place for all the others, but I would like to understand how to do it within the context of a fully kerberized environment.
Thanks,
nrb
P.S. I am using no_root_squash.