george he wrote:
Hello Simo,

So you mean I should run

ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu -k
/tmp/krb5.keytab

on the ipa-server, and

ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu-k
my.ipaserver.edu:/tmp/krb5.keytab

on the nfs-server? where /tmp/krb5.keytab is the key generated on the
ipa-server for nfs.

No.

Run ipa-getkeytab on each machine and point to /etc/krb5.keytab to avoid having to merge using ktutil.

On the client you get an nfs service principal for the client, and on the server you get an nfs service principal for the server. In other words, don't put a keytab entry for a different machine into your keytab.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to