Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1327194

Summary: remove sec=sys from the "kerberized" export
Product: Red Hat Enterprise Linux 6 Reporter: ben haubeck <bhaubeck>
Component: doc-Identity_Management_GuideAssignee: Marc Muehlfeld <mmuehlfe>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.7CC: mmuehlfe, rhel-docs
Target Milestone: rcKeywords: Documentation, EasyFix
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-11 07:08:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ben haubeck 2016-04-14 12:22:55 UTC 
Document URL: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/kerb-nfs.html

Section Number and Name: 
Chapter 18.3.1 Step 8 "Edit the /etc/exports file and add the Kerberos information:"

Describe the issue: 
in our documentation it describe how to export the export with sec=sys AND with sec=krb5[i|p], so it offers this for copy and paste:

/export  *(rw,sec=sys:krb5:krb5i:krb5p)

From my point of view this is but, because it is not adding any security to your environment as any not-so-kind-user, that is not voluntarily using kerberos, can mount the share with sec=sys and as we put the star in front, nearly everyone can mount the share. 
I agree, that this will not be done by the automounting IPA-clients that are configured according to our further documentation, but as I said: this leaves the door really wide open, AND there is no need for it.

Suggestions for improvement: 
change it to:

/export  *(rw,sec=krb5:krb5i:krb5p)

Additional information:
Comment 3 Marc Muehlfeld 2016-04-20 13:30:04 UTC 
I fixed the example.