[Freeipa-users] ipa-*: Did not receive Kerberos credentials.
Simo Sorce
ssorce at redhat.com
Tue Dec 16 16:34:13 UTC 2008
On Tue, 2008-12-16 at 17:29 +0100, Thomas Sailer wrote:
> Now the final problem I seem to be having is the command line tools.
>
> The gui works fine.
>
> When I invoke an ipa-* command line tool, I get the following:
> # ipa-finduser admin
> Did not receive Kerberos credentials.
>
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at XXXX.COM
>
> Valid starting Expires Service principal
> 12/16/08 17:01:28 12/17/08 17:01:25 krbtgt/XXXX.COM at XXXX.COM
> 12/16/08 17:02:05 12/17/08 17:01:25 HTTP/server.xxxx.com at XXXX.COM
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> The httpd debug log doesn't show any error, and setting PythonDebug and
> IPADebug to on does not help either. The httpd forensic log shows that
> both firefox and ipa-finduser send an Authorization:negotiate header,
> but the latter sends different and less coded binary data.
>
> Does anyone have an idea what could be wrong?
It's the said effect of an unfortunate package update in Fedora.
Make sure you have python-kerberos-1.1-3 and ipa-server-1.2.1-1 packages
The patch that fix this but for PyKerberos 1.1 is not yet in the master
branch, I will add it soon.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list