[Freeipa-users] nfs server

george he george_he7 at yahoo.com
Fri Jun 29 14:45:25 UTC 2012


Hello Simo,

So you mean I should run

ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu@MYREALM.EDU -k /tmp/krb5.keytab

on the ipa-server, and 


ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu@MYREALM.EDU -k my.ipaserver.edu:/tmp/krb5.keytab

on the nfs-server, where /tmp/krb5.keytab is the key generated on the ipa-server for nfs?

Thanks,
George

> From: Simo Sorce <simo at redhat.com>
>To: george he <george_he7 at yahoo.com> 
>Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
>Sent: Friday, June 29, 2012 10:24 AM
>Subject: Re: [Freeipa-users] nfs server
> 
>On Fri, 2012-06-29 at 07:18 -0700, george he wrote:
>> Hello all,
>> 
>> 
>> Now I have an ipa server and a few ipa clients set up, I need to set
>> up an nfs server on one of the ipa-clients.
>> I'm following the instructions here
>> https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
>> where at 8.c and 8.d, it says
>> 
>> 
>> scp /tmp/krb5.keytab root@nfs.example.com:/etc/krb5.keytab
>> 
>> and 
>> 
>> scp /tmp/krb5.keytab root@client.example.com:/etc/krb5.keytab
>> 
>> 
>> 
>> But the file /etc/krb5.keytab already exists on both the ipa-server
>> and the nfs-server.
>> Should I just over-write the existing keytabs?
>
>No, you should not overwrite them if they contain the host keytab.
>
>If they are ipa clients and you can install admin tools you can simply
>run the ipa-getkeytab command on the right machine directly.
>
>If you can't for whatever reason you should copy the new keytab to the
>machine in a temporary (but protected) location like /root/nfs.keytab
>
>Then use the ktutil tool to merge the 2 keytab files
>into /etc/krb5.keytab
>
>ktutil is not the most intuitive tool, but the documentation should be
>good enough to sort out what you need to do.
>
>Simo.
>
>-- 
>Simo Sorce * Red Hat, Inc * New York
>
>
>
>
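The ktutil merge Simo describes above, as an added example that is not part of the original thread. It assumes MIT Kerberos `ktutil` and `klist`, the new keytab in /root/nfs.keytab, and a hypothetical helper name `merge_keytab`:

```shell
#!/bin/sh
# Added example, not from the thread. Merges a service keytab into the
# system keytab without overwriting the host keys already in it.
# Assumed paths: /root/nfs.keytab (new) and /etc/krb5.keytab (existing).

# merge_keytab NEW_KEYTAB [SYSTEM_KEYTAB]
# The body runs in a subshell, so umask and variables do not leak to the caller.
merge_keytab() (
    new=$1
    dest=${2:-/etc/krb5.keytab}
    tmpdir=""
    fail() { echo "$1" >&2; [ -z "$tmpdir" ] || rm -rf "$tmpdir"; exit 1; }

    [ -r "$new" ]  || fail "cannot read $new"
    [ -f "$dest" ] || fail "no existing keytab at $dest"

    umask 077                     # key material must not be group/world readable
    tmpdir=$(mktemp -d "$(dirname "$dest")/.ktmerge.XXXXXX") || fail "mktemp failed"
    merged=$tmpdir/merged.keytab  # fresh file: wkt appends if the target exists

    # rkt adds a file's entries to ktutil's in-memory list; wkt writes the list.
    printf 'rkt %s\nrkt %s\nwkt %s\nquit\n' "$dest" "$new" "$merged" |
        ktutil >/dev/null
    [ -s "$merged" ] || fail "ktutil wrote no merged keytab"

    # Refuse to install a result that lost the host key or lacks the nfs key.
    listing=$(klist -k "$merged") || fail "klist could not read merged keytab"
    for prefix in host/ nfs/; do
        printf '%s\n' "$listing" | grep -q "$prefix" ||
            fail "merged keytab has no $prefix entry"
    done

    cp -p "$dest" "$dest.bak" || fail "backup failed"  # kept for rollback
    mv "$merged" "$dest" || fail "install failed"      # same directory: a rename
    # On SELinux systems, restore the keytab's file context after the move.
    if command -v restorecon >/dev/null 2>&1; then restorecon "$dest"; fi
    rm -rf "$tmpdir"
    exit 0
)

# Usage, as root on the NFS server:
#   merge_keytab /root/nfs.keytab /etc/krb5.keytab
```

Once the merge is verified, delete /root/nfs.keytab and /etc/krb5.keytab.bak, since both hold usable keys.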