26 Nov
2014
26 Nov
'14
1:50 p.m.
On 26/11/14 09:54, John Hodrien wrote:
On Wed, 26 Nov 2014, Longina Przybyszewska wrote:
You have to be careful if you use as me, SSSD and NFS4+krb ; NFS doesn’t agree on connection with sec=krb5 if hostname doesn't match the hostname in keytab file.
There's nothing stopping you having RABBITS$@DOMAIN and nfs/fqdn@DOMAIN and NFS should be perfectly happy. Having correctly defined fqdn princs is obviously rather important to lots of services.
jh
Hi Simplifying further, only the nfs server needs the nfs/ principal. Clients are happy with MACHINE$ or host/, which you usually have anyway. HTH, Steve