[Freeipa-users] nfs server
Rob Crittenden
rcritten at redhat.com
Fri Jun 29 14:53:07 UTC 2012
george he wrote:
> Hello Simo,
>
> So you mean I should run
>
> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU -k
> /tmp/krb5.keytab
>
> on the ipa-server, and
>
> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu at MYREALM.EDU-k
> my.ipaserver.edu:/tmp/krb5.keytab
>
> on the nfs-server? where /tmp/krb5.keytab is the key generated on the
> ipa-server for nfs.
No.
Run ipa-getkeytab on each machine and point to /etc/krb5.keytab to avoid
having to merge using ktutil.
On the client you get an nfs service principal for the client, and on
the server you get an nfs service principal for the server. In other
words, don't put a keytab entry for a different machine into your keytab.
rob
More information about the Freeipa-users
mailing list