[Freeipa-users] NFS v4 integration how to

Rob Crittenden rcritten at redhat.com
Fri Dec 7 14:23:04 UTC 2012


Ondrej Valousek wrote:
> Three notes:
>
> 1.
>
> /export *(rw,sec=krb5,no_subtree_check,no_root_squash)
> is better than
> /export gss/krb5(rw,no_subtree_check,no_root_squash)
>
> 2. Kerberos library is still too picky about reverse DNS records - i.e.
> if the reverse DNS does not match the principal name in keytab, you are
> most likely to fail.
>
> 3. We should still mention the rpc.idmapd settings I think - people are
> still used to nfsv3 so this might be confusing to them.

This is good for F-16 (and probably RHEL 6) but it is dated for Fedora.

The ipa-client-automount tool will do all this for a client. It is still 
an exercise for the user to set up a server.

The mechanism for configuring weak crypto on the server needs work too. 
We disable DES by default now.

rob
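
The export-line change in the first quoted note, as an added example that is not part of the original thread: a small Python helper that rewrites the deprecated `gss/krb5` pseudo-client entries of an exports file into the `sec=` form. The function names and the sample file are constructed for illustration, and the code assumes export paths without spaces and no line continuations.

```python
import re

# Legacy pseudo-clients described in exports(5): gss/krb5, gss/krb5i, gss/krb5p
LEGACY = re.compile(r"^gss/(krb5[ip]?)(?:\(([^)]*)\))?$")

def modernize_line(line):
    """Return (new_line, note); note is None when the line needs no change."""
    body, hash_mark, comment = line.partition("#")
    fields = body.split()
    if len(fields) < 2:
        return line, None
    flavors, optsets, others = [], set(), []
    for spec in fields[1:]:
        m = LEGACY.match(spec)
        if m:
            flavors.append(m.group(1))
            optsets.add(m.group(2) or "")
        else:
            others.append(spec)
    if not flavors:
        return line, None
    opts = optsets.pop() if len(optsets) == 1 else None
    # Refuse to guess when flavours carry different options, already set sec=,
    # or the line also exports to "*": merging those would change access rules.
    if opts is None or "sec=" in opts or any(o.startswith("*") for o in others):
        return line, "manual review: cannot merge gss/ clients safely"
    merged = ",".join(["sec=" + ":".join(flavors)] + [o for o in opts.split(",") if o])
    new = " ".join([fields[0]] + others + ["*(" + merged + ")"])
    if hash_mark:
        new += " #" + comment
    return new, "rewrote gss/ client(s) as sec=" + ":".join(flavors)

def modernize_exports(text):
    """Rewrite a whole exports file; returns (new_text, [(lineno, note), ...])."""
    out, notes = [], []
    for n, line in enumerate(text.splitlines(), 1):
        new, note = modernize_line(line)
        out.append(new)
        if note:
            notes.append((n, note))
    return "\n".join(out), notes

# Constructed sample input; the first entry is the legacy form from the thread.
SAMPLE = """\
/export gss/krb5(rw,no_subtree_check,no_root_squash)
/data gss/krb5(rw) gss/krb5p(rw)   # two flavours, same options
/mixed gss/krb5(ro) gss/krb5p(rw)
/plain 192.0.2.0/24(ro)
"""
```

Calling `modernize_exports(SAMPLE)` returns the rewritten text plus one note per line that was changed or left for manual review.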



