Ondrej Valousek wrote:
is better than
2. Kerberos library is still too picky about reverse DNS records - i.e.
if the reverse DNS does not match the principal name in keytab, you are
most likely to fail.
3. We should still mention the rpc.idmapd settings I think - people are
still used to nfsv3 so this might be confusing to them.
This is good for F-16 (and probably RHEL 6) but it is dated for Fedora.
The ipa-client-automount tool will do all this for a client. It is still
an exercise for the user to set up a server.
The mechanism for configuring weak crypto on the server needs work too.
We disable DES by default now.
Freeipa-users mailing list