Recently, I've been on a Kubernetes n00b journey and have been documenting the steps here: This is the Way – My K8s Learning Journey, Part 1: Installing my First K8s Cluster I've also started a new video series called "NetApp Nailed It: Kubernetes Edition" where I encounter problems of my own making and ask experts for … Continue reading NFS Kerberos in a Kubernetes pod? That’s unpossible!
Kerberos
It’s a Kerberos Khristmas!
Recently, I was working on a project where I was creating a POC of an Ubuntu container that could authenticate to LDAP and mount NFS Kerberos mounts without any interaction that would eventually be used in a Kubernetes environment. It was an improvement on the container image I created a while back in "Securing NFS … Continue reading It’s a Kerberos Khristmas!
Running PowerShell from Linux to Query SMB Shares in NetApp ONTAP
I recently got a question about how to perform the following scenario: Run a script from Linux that calls PowerShell on a remote Windows client using KerberosRemote Windows client uses PowerShell to authenticate against an ONTAP SMB share That's some Inception-style IT work. The issue they were having was that the credentials used to connect … Continue reading Running PowerShell from Linux to Query SMB Shares in NetApp ONTAP
New/Updated NAS Technical Reports! – Spring 2020
With the COVID-19 quarantine, stay at home orders and new 1-year ONTAP release cadence, I'm finding I have a lot more spare time, which translates into time to update old, crusty technical reports! Some of the old TRs hadn't been updated for 3 years or so. Much of the information in those still applied, but … Continue reading New/Updated NAS Technical Reports! – Spring 2020
Getting ONTAP NFS Kerberos to Work with FreeIPA
Obviously, with the social distancing/lockdowns happening, I have had more time to write up blogs on things. So, here's another one. If you have suggestions for topics, let me know and I'll see about writing them up. Before we get to the meat of what the title is (or scroll down to the bottom if … Continue reading Getting ONTAP NFS Kerberos to Work with FreeIPA
Securing NFS mounts in a Docker container
Setting up Kerberized NFS on a client can be a bit challenging, especially if you're trying to do it across multiple hosts. So, I decided I wanted to take on the challenge of creating an easy to deploy Docker container, using NetApp's Trident plugin to make life even easier. Why do I want Kerberos? With … Continue reading Securing NFS mounts in a Docker container
Kerberize your NFSv4.1 Datastores in ESXi 6.5 using NetApp ONTAP
End-to-end steps to configure NFS Kerberos for NFS datastores in ESXi 6.5 and ONTAP 9.x.
New dedicated NFS Kerberos TR is now available!
When I first started as the NFS TME about 5 years ago, I took TR-4073 and expanded upon it to make it into a larger solution document that covered LDAP, NFSv4.x and Kerberos. As a result, it ballooned from 50-60 pages to 275 pages. It seemed like a good idea at the time. ¯\_(ツ)_/¯ What … Continue reading New dedicated NFS Kerberos TR is now available!
Using NFSv4.x ACLs with NFSv3 in NetApp ONTAP? You betcha!
One thing I've come to realize from being in IT so long is that you should be constantly learning new things. If you aren't, it's not because you're smart or because you know everything; it's because you're stagnating. So, I was not surprised when I heard it was possible to apply NFSv4.x ACLs to files … Continue reading Using NFSv4.x ACLs with NFSv3 in NetApp ONTAP? You betcha!
Encrypt your NFS packets end to end with krb5p and ONTAP 9.2!
NFS has always had a running joke about security, with a play on the acronym stating that NFS was "Not For Security." With NFSv3 and prior, there was certainly truth to that, especially when NFS was mounted without Kerberos. But even using Kerberos in NFSv3 wasn't necessarily secure, as it only was applied to the … Continue reading Encrypt your NFS packets end to end with krb5p and ONTAP 9.2!