[Freeipa-users] nfs server
george he
george_he7 at yahoo.com
Fri Jun 29 14:45:25 UTC 2012
Hello Simo,
So you mean I should run
ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU -k /tmp/krb5.keytab
on the ipa-server, and
ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU-k my.ipaserver.edu:/tmp/krb5.keytab
on the nfs-server? where /tmp/krb5.keytab is the key generated on the ipa-server for nfs.
Thanks,
George
>________________________________
> From: Simo Sorce <simo at redhat.com>
>To: george he <george_he7 at yahoo.com>
>Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>Sent: Friday, June 29, 2012 10:24 AM
>Subject: Re: [Freeipa-users] nfs server
>
>On Fri, 2012-06-29 at 07:18 -0700, george he wrote:
>> Hello all,
>>
>>
>> Now I have an ipa server and a few ipa clients set up, I need to set
>> up an nfs server on one of the ipa-clients.
>> I'm following the instructions here
>> https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
>> where at 8.c and 8.d, it says
>>
>>
>> scp /tmp/krb5.keytab root at nfs.example.com:/etc/krb5.keytab
>>
>> and
>>
>> scp /tmp/krb5.keytab root at client.example.com:/etc/krb5.keytab
>>
>>
>>
>> But the file /etc/krb5.keytab already exists on both of the ipa-server
>> and the nfs-server.
>> Should I just over-write the existing keytabs?
>
>No, you should not overwrite them if they contain the host keytab.
>
>If they are ipa clients and you can install admin tools you can simply
>run the ipa-getkeytab command on the right machine directly.
>
>if you can't for whatever reason you should copy the new keytab to the
>machine in a temporary (but protected) location like /root/nfs.keytab
>
>Then use the ktutil tool to merge the 2 keytab files
>into /etc/krb5.keytab
>
>ktutil is not the most intuitive tool, but the documentation should be
>good enough to sort out what you need to do.
>
>Simo.
>
>--
>Simo Sorce * Red Hat, Inc * New York
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120629/5cb3d630/attachment.htm>
More information about the Freeipa-users
mailing list