Hello,

do you mean to run only this on the nfs-server?


ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu -k 
/etc/krb5.keytab

Rob says to run ipa-getkeytab on each machine... So I guess I should run the 
above command on the ipa-server before I run it on the nfs-server?
Otherwise it seems to me the nfs-server won't know the new keytab in /tmp/ on 
the ipa-server.

Thanks,
George




>________________________________
> From: Simo Sorce <s...@redhat.com>
>To: george he <george_...@yahoo.com> 
>Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
>Sent: Friday, June 29, 2012 10:53 AM
>Subject: Re: [Freeipa-users] nfs server
> 
>On Fri, 2012-06-29 at 07:45 -0700, george he wrote:
>> Hello Simo,
>> 
>> 
>> So you mean I should run
>> 
>> 
>> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu
>> -k /tmp/krb5.keytab
>> 
>> 
>> on the ipa-server, and 
>
>
>You should run the command only once (running more than once will simply
>invalidate whatever you downloaded in previous runs), preferably on the
>target server so you avoid the need of transfering keytab files around.
>> 
>> 
>> ipa-getkeytab -s my.ipaserver.edu -p nfs/my.nfsserve....@myrealm.edu
>> -k my.ipaserver.edu:/tmp/krb5.keytab
>> 
>> 
>> on the nfs-server? where /tmp/krb5.keytab is the key generated on the
>> ipa-server for nfs.
>
>If you have ipa-getkeytab on the target server (my.nfsserve.edu) in your
>case just run it there and point it at /etc/krb5.keytab directly.
>
>The ipa-getkeytab command does not rewrite the file it appends the new
>keys there, which is what you want.
>
>
>Simo.
>
>
>-- 
>Simo Sorce * Red Hat, Inc * New York
>
>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to