Steven Jones wrote:
Sort of minor but I find the following a bit inconsistent,
I am looking at section 9.3.1, item no 3
I think it should say,
3. Generate the nfs service keytab, there are two methods,
i) On the NFS server, with this command "etc etc"
ii) On a different machine do a)....b)...c)...d)
The distinction is really "whether the machine has ipa-getkeytab or
not." The NFS server could be a Solaris machine in which case you'd have
to do all this elsewhere.
I think this is trying to say "if your NFS server is a Linux machine you
can directly update /etc/krb5.keytab with these keys and be done with it."
Perhaps a little more language about this distinction would help.
for your b) You say "Copy over to the NFS host machine" where earlier you said NFS
server, you repeat this in d) for consistency it should be "server" it certainly slows
my understanding down when I see such things being mixed up....
Yup, I agree.
I also see under 6.5.1 point 6 that there is a ipa-getkeytab command but as per
NFS is that run on the server that is providing the service? or on the IPA
server, I find it unclear.......thinking about it its on the target server
offering the service I think you are saying, but by then Ive lost my train of
ipa-getkeytab can be run anywhere for any service. It is just more
convenient to run it on the target machine because then you don't have
to move around keytabs (and do the nasty work in 126.96.36.199 d).
Thanks for the feedback, I opened a doc bug,
https://bugzilla.redhat.com/show_bug.cgi?id=791077 Feel free to add more
details if I've missed something.
Freeipa-users mailing list