Start of change

z/OS NFS server with Kerberos authentication

This appendix is a guide to setting up and configuring z/OS NFS Server with Kerberos authentication support. It is a quick start guide which covers basic configurations of z/OS NFS Server with various NFS clients and various Key Distribution Centers (KDC s).

There are many possible configurations for a network with Kerberos. This guide does not attempt to cover every possible network topology or configuration. Nor does it cover all the configuration settings for z/OS NFS Server or the various KDCs.

Consult the official publications for a complete explanation of the configuration settings.

The outline on the following pages gives a breakdown of the workflows that this document covers. The workflows are:

  1. Single-realm configuration for z/OS NFS Server (KDC on Windows)

    This will guide you through setting up a Windows 10 workstation, which is domain-joined to a Windows Active Directory Server, for use with the z/OS NFS Server with Kerberos authentication. Once complete, a user will be able to securely mount an NFS-exported filesystem on a Windows 10 workstation. Both z/OS NFS Server and the Windows 10 workstation belong to a Kerberos realm on a KDC running on Windows Server.

  2. Multi-realm configuration for z/OS NFS Server (KDC on Windows + KDC on z/OS)

    This will guide you through setting up a Windows 10 workstation, which is domain-joined to a Windows Active Directory Server, for use with the z/OS NFS Server with Kerberos authentication. Once complete, a user will be able to securely mount an NFS-exported filesystem on a Windows 10 workstation. z/OS NFS Server belongs to a Kerberos realm on a z/OS KDC and the Windows 10 workstation belongs to a Kerberos realm on a KDC running on Windows Server. The z/OS KDC and the Windows Server KDC have a trust enabled which allows the Windows 10 workstation user to securely access the z/OS NFS Server.

  3. Single-realm configuration for z/OS NFS Server with Linux workstation (KDC on z/OS)

    This will guide you through setting up a Linux workstation for use with the z/OS NFS Server with Kerberos authentication. Once complete, a user will be able to securely mount an NFS-exported filesystem on a Linux workstation. Both z/OS NFS Server and the Linux workstation belong to a Kerberos realm on a KDC running on z/OS.

  4. Single-realm configuration for z/OS NFS Server with Linux workstation (KDC on Windows)

    This will guide you through setting up a Linux workstation for use with the z/OS NFS Server with Kerberos authentication. Once complete, a user will be able to securely mount an NFS-exported filesystem on a Linux workstation. Both z/OS NFS Server and the Linux workstation belong to a Kerberos realm on a KDC running on Windows Server 2012 or 2016.

  5. Single-realm configuration for z/OS NFS Server with z/OS NFS Client (KDC on Windows)

    This workflow will guide you through setting up the z/OS NFS client for use with the z/OS NFS Server with Kerberos authentication. Once complete, a user will be able to securely mount an NFS-exported filesystem using the z/OS NFS client. Both z/OS NFS Server and the z/OS NFS client belong to a Kerberos realm on a KDC running on Windows Server 2012 or 2016.

End of change