<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000066">
    Three notes:<br>
    <br>
    1.<br>
    <pre>/export *(rw,sec=krb5,no_subtree_check,no_root_squash)
is better than
/export gss/krb5(rw,no_subtree_check,no_root_squash)
</pre>
    2. Kerberos library is still too picky about reverse DNS records -
    i.e. if the reverse DNS does not match the principal name in keytab,
    you are most likely to fail.<br>
    <br>
    3. We should still mention the rpc.idmapd settings I think - people
    are still used to nfsv3 so this might be confusing to them.<br>
    <br>
    Ondrej<br>
    <br>
    On 12/07/2012 01:13 PM, Christian Horn wrote:
    <blockquote cite="mid:20121207121342.GA11228@fluxcoil.net"
      type="cite">
      <pre wrap="">On Fri, Dec 07, 2012 at 01:02:01PM +0100, Petr Spacek wrote:
</pre>
      <blockquote type="cite">
        <pre wrap="">
I accidentally found following how-to:
<a class="moz-txt-link-freetext" href="http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA">http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA</a>
Did somebody try it? Did it work?
</pre>
      </blockquote>
      <pre wrap="">
Looks good, althou I like the 'nfsroot' style of nfsv4.
My notes are at 
<a class="moz-txt-link-freetext" href="http://fluxcoil.net/doku.php/software/nfs/01_setup_with_ipa">http://fluxcoil.net/doku.php/software/nfs/01_setup_with_ipa</a> .

Christian

_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a>
</pre>
    </blockquote>
  </body>
</html>