Ondrej Valousek wrote:
Three notes:

1.

/export *(rw,sec=krb5,no_subtree_check,no_root_squash)
is better than
/export gss/krb5(rw,no_subtree_check,no_root_squash)

2. Kerberos library is still too picky about reverse DNS records - i.e.
if the reverse DNS does not match the principal name in keytab, you are
most likely to fail.

3. We should still mention the rpc.idmapd settings I think - people are
still used to nfsv3 so this might be confusing to them.

This is good for F-16 (and probably RHEL 6) but it is dated for Fedora.

The ipa-client-automount tool will do all this for a client. It is still an exercise for the user to set up a server.

The mechanism for configuring weak crypto on the server needs work too. We disable DES by default now.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to