[Freeipa-users] IPA documentation comment
Rob Crittenden
rcritten at redhat.com
Thu Feb 16 04:39:48 UTC 2012
Steven Jones wrote:
> Hi,
>
> Sort of minor but I find the following a bit inconsistent,
>
> I am looking at section 9.3.1, item no 3
>
> I think it should say,
>
> 3. Generate the nfs service keytab, there are two methods,
>
> i) On the NFS server, with this command "etc etc"
>
> ii) On a different machine do a)....b)...c)...d)
The distinction is really "whether the machine has ipa-getkeytab or
not." The NFS server could be a Solaris machine in which case you'd have
to do all this elsewhere.
I think this is trying to say "if your NFS server is a Linux machine you
can directly update /etc/krb5.keytab with these keys and be done with it."
Perhaps a little more language about this distinction would help.
>
> for your b) You say "Copy over to the NFS host machine" where earlier you said NFS server, you repeat this in d) for consistency it should be "server" it certainly slows my understanding down when I see such things being mixed up....
Yup, I agree.
>
> I also see under 6.5.1 point 6 that there is a ipa-getkeytab command but as per NFS is that run on the server that is providing the service? or on the IPA server, I find it unclear.......thinking about it its on the target server offering the service I think you are saying, but by then Ive lost my train of thought....
ipa-getkeytab can be run anywhere for any service. It is just more
convenient to run it on the target machine because then you don't have
to move around keytabs (and do the nasty work in 9.3.1.3 d).
Thanks for the feedback, I opened a doc bug,
https://bugzilla.redhat.com/show_bug.cgi?id=791077 Feel free to add more
details if I've missed something.
rob
More information about the Freeipa-users
mailing list