Background (skippable): I need to use NFS locally, as I can't get SMB to support symlinks. I've got it set up so the workstation client 192.168.1.2 can access the NFS exports from TrueNAS. I'd like to have some security in case other devices take that IP and get full access. This could be in case the workstation is powered off, possibly in case of ARP poisoning, or in case part of the network is disconnected. (I'm not super bothered about encryption / sniffing / man-in-the middle attacks, but would like to have some authentication of the clients.)
Question: Are there any simple Applications or other easy methods to set up Kerberos to use with NFS? Or are there any alternatives to Kerberos for strong authentication? (is transport mode IPSec still a thing?)
I only really need system-level authentication (not user level) as long as I can trust the identity of the system. The NFS client systems use full-disk encryption so there can be a secret stored on them.
Question: Are there any simple Applications or other easy methods to set up Kerberos to use with NFS? Or are there any alternatives to Kerberos for strong authentication? (is transport mode IPSec still a thing?)
I only really need system-level authentication (not user level) as long as I can trust the identity of the system. The NFS client systems use full-disk encryption so there can be a secret stored on them.
