Talk:Kerberos

From ArchWiki
Revision as of 22:26, 31 August 2017 by Mal (talk | contribs) (Comments on my reorganization of anna's reorganization)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Kerberos#Domain_creation Where does logging.* = CONSOLE end up? As far as I can see, this completely breaks logging.

Kerberos#Create_client_principals "Finally, copy /etc/krb5.keytab from the server to the client: # scp kbserver.example.com:/etc/krb5.keytab /etc/krb5.keytab" DO NOT DO THIS. YOUR CLIENTS SHOULD NOT HAVE THE SERVER KEYS. Same thing in the NFS section.

In my opinion, configuring your firewall and DNS are not advanced topics, but very common ones used in most secure server configurations. If you feel strongly, feel free to explain your reasoning.

Is using `-o sec=krb5` or similar in the mount command ever required? I use `mount -t nfs4 -o vers=4.2 host:/path /path` for sec=krb5p exports.

Finally, I kind of want to remove those "certdepot" references, since they advise copying the server's entire keytab to all clients...

- Mal (talk) 22:26, 31 August 2017 (UTC)