On Fri, 2012-06-29 at 07:45 -0700, george he wrote: > Hello Simo, > > > So you mean I should run > > > ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu > -k /tmp/krb5.keytab > > > on the ipa-server, and
You should run the command only once (running more than once will simply invalidate whatever you downloaded in previous runs), preferably on the target server so you avoid the need of transfering keytab files around. > > > ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu > -k my.ipaserver.edu:/tmp/krb5.keytab > > > on the nfs-server? where /tmp/krb5.keytab is the key generated on the > ipa-server for nfs. If you have ipa-getkeytab on the target server (my.nfsserve.edu) in your case just run it there and point it at /etc/krb5.keytab directly. The ipa-getkeytab command does not rewrite the file it appends the new keys there, which is what you want. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users