[Freeipa-users] nfs server

george he george_he7 at yahoo.com
Fri Jun 29 15:08:09 UTC 2012


Hello,

Do you mean to run only this on the nfs-server?


ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu@MYREALM.EDU -k /etc/krb5.keytab

Rob says to run ipa-getkeytab on each machine... So I guess I should run the above command on the ipa-server before I run it on the nfs-server?
Otherwise it seems to me the nfs-server won't know the new keytab in /tmp/ on the ipa-server.

Thanks,
George




>________________________________
> From: Simo Sorce <simo at redhat.com>
>To: george he <george_he7 at yahoo.com> 
>Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
>Sent: Friday, June 29, 2012 10:53 AM
>Subject: Re: [Freeipa-users] nfs server
> 
>On Fri, 2012-06-29 at 07:45 -0700, george he wrote:
>> Hello Simo,
>> 
>> 
>> So you mean I should run
>> 
>> 
>> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu@MYREALM.EDU
>> -k /tmp/krb5.keytab
>> 
>> 
>> on the ipa-server, and 
>
>
>You should run the command only once (running more than once will simply
>invalidate whatever you downloaded in previous runs), preferably on the
>target server so you avoid the need of transferring keytab files around.
>> 
>> 
>> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve.edu@MYREALM.EDU
>> -k my.ipaserver.edu:/tmp/krb5.keytab
>> 
>> 
>> on the nfs-server? where /tmp/krb5.keytab is the key generated on the
>> ipa-server for nfs.
>
>If you have ipa-getkeytab on the target server (my.nfsserve.edu) in your
>case just run it there and point it at /etc/krb5.keytab directly.
>
>The ipa-getkeytab command does not rewrite the file; it appends the new
>keys there, which is what you want.
>
>
>Simo.
>
>
>-- 
>Simo Sorce * Red Hat, Inc * New York
>
>
>
>
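
Added example, not part of the thread: the two points in the reply above (a repeat run invalidates earlier keys, and ipa-getkeytab appends rather than rewrites) mean one keytab can hold several key versions for the same principal. This Python sketch parses the MIT keytab layout (format 0x0502) and lists entries superseded by a higher kvno; the function names, the sample bytes and the all-zero dummy keys are constructed for illustration.

```python
import struct

def _counted(buf, off):  # uint16 length prefix, then that many bytes
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT keytab (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:               # negative length marks a deleted slot (hole)
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c.decode())
        # name type, timestamp, 8-bit kvno, enctype (11 bytes in total)
        _, _, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _, p = _counted(data, p + 11)   # key bytes are skipped, never returned
        if end - p >= 4:            # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
        off = end
    return entries

def stale_entries(entries):
    """Entries whose kvno is below the newest kvno held for the same principal."""
    newest = {p: max(k for q, k, _ in entries if q == p) for p, _, _ in entries}
    return [e for e in entries if e[1] < newest[e[0]]]

def build_entry(princ, kvno, enctype=18):
    """Encode one entry with an all-zero dummy key (constructed sample data)."""
    name, realm = princ.split("@")
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", name.count("/") + 1) + cs(realm.encode())
    body += b"".join(cs(c.encode()) for c in name.split("/"))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(bytes(32))
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

NFS = "nfs/my.nfsserve.edu@MYREALM.EDU"  # principal name from the thread
SAMPLE = b"\x05\x02" + build_entry("host/my.nfsserve.edu@MYREALM.EDU", 1) \
    + build_entry(NFS, 1) + build_entry(NFS, 2)  # nfs/ keys appended by two runs
```

On a real host, pass the bytes of /etc/krb5.keytab (readable by root) to `parse_keytab`; `klist -k` prints the same principal and KVNO columns.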