Ondrej Valousek wrote:
Three notes:
1. /export *(rw,sec=krb5,no_subtree_check,no_root_squash)
   is better than
   /export gss/krb5(rw,no_subtree_check,no_root_squash)
2. Kerberos library is still too picky about reverse DNS records - i.e.
if the reverse DNS does not match the principal name in keytab, you are
most likely to fail.
3. We should still mention the rpc.idmapd settings, I think - people are
still used to NFSv3, so this might be confusing to them.

This is good for F-16 (and probably RHEL 6) but it is dated for Fedora.
The ipa-client-automount tool will do all this for a client. It is still
an exercise for the user to set up a server.
The mechanism for configuring weak crypto on the server needs work too.
We disable DES by default now.
rob
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
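
A check for the reverse DNS mismatch described in note 2, as an added example that is not part of the original thread: it compares the PTR name of each address of a host with the nfs/ principals listed by `klist -k`. The sample keytab listing, host names and addresses are constructed, and the function names are hypothetical.

```python
import socket

# Constructed sample of `klist -k /etc/krb5.keytab` output (not from the thread).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 host/nfs1.example.com@EXAMPLE.COM
   2 nfs/nfs1.example.com@EXAMPLE.COM
"""

def keytab_hosts(klist_text, service="nfs"):
    """Return the lowercase host part of every service/host@REALM entry."""
    hosts = set()
    for line in klist_text.splitlines():
        parts = line.split()
        # Entry lines start with a numeric KVNO; the principal is the last field.
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        name = parts[-1].rsplit("@", 1)[0]
        svc, _, host = name.partition("/")
        if svc == service and host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def system_forward(host):
    """Addresses the local resolver returns for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def system_reverse(ip):
    """Primary name the local resolver returns for ip (PTR lookup)."""
    return socket.gethostbyaddr(ip)[0]

def check_host(host, klist_text, forward=system_forward,
               reverse=system_reverse, service="nfs"):
    """For each address of host, report whether its PTR name has a keytab entry."""
    known = keytab_hosts(klist_text, service)
    findings = []
    for ip in forward(host):
        try:
            ptr = reverse(ip).lower().rstrip(".")
        except OSError:  # socket.herror and socket.gaierror are subclasses
            findings.append((ip, None, "no PTR record"))
            continue
        status = "ok" if ptr in known else f"no {service}/{ptr} principal in keytab"
        findings.append((ip, ptr, status))
    return findings
```

On a live system, pass the real `klist -k` output as `klist_text` and leave `forward` and `reverse` at their defaults so the local resolver is used.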