Sort of minor but I find the following a bit inconsistent,

I am looking at section 9.3.1, item no 3

I think it should say,

3. Generate the nfs service keytab, there are two methods,

i) On the NFS server, with this command "etc etc"

ii) On a different machine do a)....b)...c)...d)

The distinction is really "whether the machine has ipa-getkeytab or not." The NFS server could be a Solaris machine in which case you'd have to do all this elsewhere.

I think this is trying to say "if your NFS server is a Linux machine you can directly update /etc/krb5.keytab with these keys and be done with it."

Perhaps a little more language about this distinction would help.

For your b) you say "Copy over to the NFS host machine" where earlier you said NFS server; you repeat this in d). For consistency it should be "server". It certainly slows my understanding down when I see such things being mixed up....

Yup, I agree.

I also see under 6.5.1 point 6 that there is an ipa-getkeytab command, but as per NFS, is that run on the server that is providing the service, or on the IPA server? I find it unclear... Thinking about it, it's on the target server offering the service, I think you are saying, but by then I've lost my train of

ipa-getkeytab can be run anywhere for any service. It is just more convenient to run it on the target machine because then you don't have to move around keytabs (and do the nasty work in d).

Thanks for the feedback, I opened a doc bug. Feel free to add more details if I've missed something.


