An administrator is tasked with setting up Kerberos authentication only for the vSAN File services.
Which version of Kerberos must be selected if the NFS version is v4.1?
An administrator is tasked with setting up Kerberos authentication only for the vSAN File services.
Which version of Kerberos must be selected if the NFS version is v4.1?
To set up Kerberos authentication for vSAN File services with NFS version 4.1, the correct version of Kerberos to select is krb5. Kerberos v5 (krb5) provides secure authentication, which is particularly important for ensuring the legitimate access of NFS clients. This version is designed specifically for authentication without additional features such as checksums or encryption.
C For sure
Agreed with C. https://blogs.vmware.com/virtualblocks/2020/09/17/vsan-7-u1-file-services/
Answer C Because krb5 for authentication only, or krb5i for authentication and data integrity. https://core.vmware.com/resource/best-practices-running-nfs-vmware-vsphere#sec9459-sub5
Support of Kerberos authentication helps prevent access of NFS clients through other, more vulnerable methods such as auth_sys. vSAN supports all 3 Kerberos authentication modes, KRB5, KRB5I and KRB5P. • KRB5, which limits its role to secure authentication. (only on NFSv4.1) • KRB5I includes security authentication + checksum. • KRB5P includes secure authentication + checksum + encryption.
Answer is C. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-987194A1-E4F8-470D-B28F-3B4DB9B4CCB4.html
Why in the heck does it show answer A as the suggestion when we all know it's C! :) https://core.vmware.com/resource/best-practices-running-nfs-vmware-vsphere#sec9459-sub5
i choose C
Figure 4 - Selecting krb5 for authentication only, or krb5i for authentication and data integrity