[Freeipa-users] IPA and NFS
Simo Sorce
simo at redhat.com
Tue Feb 7 16:35:40 UTC 2012
On Tue, 2012-02-07 at 17:10 +0100, Westerlund Johnny wrote:
> OK, so how do i enable des keys on my KDC? I'm running the IPA on RHEL6.2 so it's the one from the channel, is it 2.1.4? I don't have the machine infront of me so i cant check.
> The documentation does not state that you need to enable des keys on the IPA while setting up this. It only states that you need to enable allow_weak_crypto in krb5.conf
> and make sure you export your NFS principal with -e des-cbc-crc .
2.1.x still did not disable DES keys by default, so you should be
already all set since you changed the 'allow weak crypto' parameter in
krb5.conf on the server.
Now all you need to do is to get a nfs/fqdn keytab that uses only DES
keys for your NFS server as well for the clients.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list