So you mean I should run
ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu -k
on the ipa-server, and
ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu-k
on the nfs-server? where /tmp/krb5.keytab is the key generated on the
ipa-server for nfs.
> From: Simo Sorce <s...@redhat.com>
>To: george he <george_...@yahoo.com>
>Cc: "email@example.com" <firstname.lastname@example.org>
>Sent: Friday, June 29, 2012 10:24 AM
>Subject: Re: [Freeipa-users] nfs server
>On Fri, 2012-06-29 at 07:18 -0700, george he wrote:
>> Hello all,
>> Now I have an ipa server and a few ipa clients set up, I need to set
>> up an nfs server on one of the ipa-clients.
>> I'm following the instructions here
>> where at 8.c and 8.d, it says
>> scp /tmp/krb5.keytab r...@nfs.example.com:/etc/krb5.keytab
>> scp /tmp/krb5.keytab r...@client.example.com:/etc/krb5.keytab
>> But the file /etc/krb5.keytab already exists on both of the ipa-server
>> and the nfs-server.
>> Should I just over-write the existing keytabs?
>No, you should not overwrite them if they contain the host keytab.
>If they are ipa clients and you can install admin tools you can simply
>run the ipa-getkeytab command on the right machine directly.
>if you can't for whatever reason you should copy the new keytab to the
>machine in a temporary (but protected) location like /root/nfs.keytab
>Then use the ktutil tool to merge the 2 keytab files
>ktutil is not the most intuitive tool, but the documentation should be
>good enough to sort out what you need to do.
>Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list