[Freeipa-users] nfs server
Simo Sorce
simo at redhat.com
Fri Jun 29 14:53:04 UTC 2012
On Fri, 2012-06-29 at 07:45 -0700, george he wrote:
> Hello Simo,
>
>
> So you mean I should run
>
>
> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU
> -k /tmp/krb5.keytab
>
>
> on the ipa-server, and
You should run the command only once (running more than once will simply
invalidate whatever you downloaded in previous runs), preferably on the
target server so you avoid the need of transfering keytab files around.
>
>
> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU
> -k my.ipaserver.edu:/tmp/krb5.keytab
>
>
> on the nfs-server? where /tmp/krb5.keytab is the key generated on the
> ipa-server for nfs.
If you have ipa-getkeytab on the target server (my.nfsserve.edu) in your
case just run it there and point it at /etc/krb5.keytab directly.
The ipa-getkeytab command does not rewrite the file it appends the new
keys there, which is what you want.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list