On Fri, 2012-06-29 at 07:18 -0700, george he wrote:
> Hello all,
> Now I have an ipa server and a few ipa clients set up, I need to set
> up an nfs server on one of the ipa-clients.
> I'm following the instructions here
> https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
> where at 8.c and 8.d, it says
> scp /tmp/krb5.keytab r...@nfs.example.com:/etc/krb5.keytab
> and 
> scp /tmp/krb5.keytab r...@client.example.com:/etc/krb5.keytab
> But the file /etc/krb5.keytab already exists on both of the ipa-server
> and the nfs-server.
> Should I just over-write the existing keytabs?

No, you should not overwrite them if they contain the host keytab.

If they are ipa clients and you can install admin tools you can simply
run the ipa-getkeytab command on the right machine directly.

if you can't for whatever reason you should copy the new keytab to the
machine in a temporary (but protected) location like /root/nfs.keytab

Then use the ktutil tool to merge the 2 keytab files
into /etc/krb5.keytab

ktutil is not the most intuitive tool, but the documentation should be
good enough to sort out what you need to do.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to