On Fri, 2012-06-29 at 07:18 -0700, george he wrote: > Hello all, > > > Now I have an ipa server and a few ipa clients set up, I need to set > up an nfs server on one of the ipa-clients. > I'm following the instructions here > https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html > where at 8.c and 8.d, it says > > > scp /tmp/krb5.keytab r...@nfs.example.com:/etc/krb5.keytab > > and > > scp /tmp/krb5.keytab r...@client.example.com:/etc/krb5.keytab > > > > But the file /etc/krb5.keytab already exists on both of the ipa-server > and the nfs-server. > Should I just over-write the existing keytabs?
No, you should not overwrite them if they contain the host keytab. If they are ipa clients and you can install admin tools you can simply run the ipa-getkeytab command on the right machine directly. if you can't for whatever reason you should copy the new keytab to the machine in a temporary (but protected) location like /root/nfs.keytab Then use the ktutil tool to merge the 2 keytab files into /etc/krb5.keytab ktutil is not the most intuitive tool, but the documentation should be good enough to sort out what you need to do. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users