[Freeipa-devel] web gui dev env issues
Simo Sorce
ssorce at redhat.com
Fri Sep 21 13:21:10 UTC 2007
On Thu, 2007-09-20 at 16:44 -0700, Kevin McCarthy wrote:
> So after the latest push, I've still been unable to get my dev
> environment working again. My debugging shows the correct file name is
> making it all the way up to the
> conn.set_krbccache(krbccache) in funcs.py.
>
> In my krb5kdc.log file, I'm seeing a couple interesting errors:
>
> Sep 20 14:53:57 tuna.usersys.redhat.com krb5kdc[3602](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 172.16.25.136: UNKNOWN_SERVER: authtime 1190325099, test at FREEIPA.ORG for host/dhcp-172-16-25-252.sfbay.redhat.com at FREEIPA.ORG, Server not found in Kerberos database
>
> The interesting thing is that my vm running ipa is tuna.usersys.redhat.com
> (172.16.25.136). The host referenced above in the log file is my main laptop -
> where I'm running the browser hitting the web gui. Is my browser host
> information somehow making it all the way through as part of this?
This must be a bug, I see no reason why something should try to contact
your laptop.
> The other line that may be relevant is
>
> Sep 20 15:55:18 tuna.usersys.redhat.com krb5kdc[3602](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 172.16.25.136: NEEDED_PREAUTH: test at FREEIPA.ORG for krbtgt/FREEIPA.ORG at FREEIPA.ORG, Additional pre-authentication required
>
This means the account does not have the Preauth bit set. When it is set
the key material is calculated differently. Uhmm I guess I should set
this in the ipa_kpasswd module
Meanwhile you can work around this by removing the option
from /var/kerberos/krb5kdc/kdc.conf and restart krb5kdc
Simo.
More information about the Freeipa-devel
mailing list