[Freeipa-users] IPA and NFS
Westerlund Johnny
johnny.westerlund at atea.se
Tue Feb 7 17:01:44 UTC 2012
I'm pretty sure this doesn't work.
I've created the nfs/client.host.name and exported it via ipa-getkeytab -s <server> -p nfs/client.host.name -e des-cbc-crc.
enabled secure nfs in /etc/sysconfig/nfs
Then i did the same with the server. Create the nfs/server.host.name nad export via ipa-getkeytab -s <server> -p nfs/server.host.name -e des-cbc-crc.
And also enable secure nfs
I'll send an update when i have time to look at this again. But i'm pretty sure that it didnt work.
________________________________________
Från: Simo Sorce [simo at redhat.com]
Skickat: den 7 februari 2012 17:35
Till: Westerlund Johnny
Kopia: freeipa-users at redhat.com
Ämne: Re: SV: [Freeipa-users] IPA and NFS
On Tue, 2012-02-07 at 17:10 +0100, Westerlund Johnny wrote:
> OK, so how do i enable des keys on my KDC? I'm running the IPA on RHEL6.2 so it's the one from the channel, is it 2.1.4? I don't have the machine infront of me so i cant check.
> The documentation does not state that you need to enable des keys on the IPA while setting up this. It only states that you need to enable allow_weak_crypto in krb5.conf
> and make sure you export your NFS principal with -e des-cbc-crc .
2.1.x still did not disable DES keys by default, so you should be
already all set since you changed the 'allow weak crypto' parameter in
krb5.conf on the server.
Now all you need to do is to get a nfs/fqdn keytab that uses only DES
keys for your NFS server as well for the clients.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list