The NFS v4 configuration is only supported on Solaris 10.
Obtain a Kerberos ticket for the admin user.
# kinit admin
The ipa-admintools package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.
Add an NFS service principal for the client.
# ipa-addservice nfs/solarisipaclient.example.com
Create the NFS keytab file.
# ipa-getkeytab -s ipaserver.example.com -p nfs/solarisipaclient.example.com \
    -k /tmp/krb5.keytab -e des-cbc-crc
# klist -ket /tmp/krb5.keytab (to verify)
The Linux NFS implementation still has limited encryption type support. If your NFS server is hosted on a Linux machine, you may need to pass the -e des-cbc-crc option to the ipa-getkeytab command for any nfs/<FQDN> service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys. Single DES is a weak encryption type, deprecated for Kerberos by RFC 6649, so apply this option only to the nfs/<FQDN> keytabs that need it.
Copy the keytab from the server to the client.
# scp /tmp/krb5.keytab root@solarisipaclient.example.com:/tmp/krb5.keytab
On the IPA client, use the ktutil command to import the contents into the main host keytab.
# ktutil
ktutil: read_kt /tmp/krb5.keytab
ktutil: write_kt /etc/krb5/krb5.keytab
ktutil: q
The IPA client should now be fully configured to mount NFS shares using Kerberos credentials.
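A check to run after the import, added here as an example and not part of the original procedure: it parses `klist -ket` output and confirms that the nfs principal is present and holds only the expected encryption type. The realm EXAMPLE.COM, the sample listing and the function names are assumptions, and the listing is assumed to use the MIT-style column layout (KVNO, date, time, principal, enctype).

```shell
#!/bin/sh
# Added example: verify the NFS principal in `klist -ket` output.
# Real use (after the ktutil import):
#   klist -ket /etc/krb5/krb5.keytab | \
#     verify_keytab nfs/solarisipaclient.example.com des-cbc-crc

# Constructed sample listing; realm EXAMPLE.COM and timestamps are assumed.
sample_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------
   2 01/01/2010 10:00:00 host/solarisipaclient.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 01/01/2010 10:00:00 host/solarisipaclient.example.com@EXAMPLE.COM (des-cbc-crc)
   1 01/01/2010 10:05:00 nfs/solarisipaclient.example.com@EXAMPLE.COM (des-cbc-crc)
EOF
}

# Print each distinct enctype held for principal $1 (listing on stdin).
keytab_enctypes() {
    awk -v p="$1" '
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            split($4, a, "@")              # drop the realm before comparing
            if (a[1] == p) {
                e = $5
                for (i = 6; i <= NF; i++) e = e " " $i
                gsub(/^\(|\)$/, "", e)     # strip the surrounding parentheses
                if (!(e in seen)) { seen[e] = 1; print e }
            }
        }'
}

# verify_keytab PRINCIPAL ENCTYPE   (listing on stdin)
# returns 0 = only ENCTYPE present, 1 = principal missing, 2 = other enctypes
verify_keytab() {
    found=$(keytab_enctypes "$1")
    [ -n "$found" ] || { echo "MISSING $1"; return 1; }
    extra=$(printf '%s\n' "$found" | grep -Fvx -- "$2" || true)
    if [ -n "$extra" ]; then
        echo "UNEXPECTED $1:" $extra
        return 2
    fi
    echo "OK $1: $2 only"
}

# Demonstration on the constructed listing.
sample_listing | verify_keytab nfs/solarisipaclient.example.com des-cbc-crc
```

A return value of 2 for an nfs principal means the keytab was generated without the -e restriction described above.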