[Freeipa-users] Solaris kerberos - fail
Simo Sorce
simo at redhat.com
Wed Feb 15 20:32:42 UTC 2012
On Wed, 2012-02-15 at 20:49 +0100, Sigbjorn Lie wrote:
> Hi,
>
> I see that the documentation for configuring kerberos on Solaris has
> changed since the last time I looked.
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10
>
> kclient fails if I pre-create the account in IPA, and attempt to kclient
> configure the client. If I don't, it successfully retreives a keytab for
> the host, but I'm unable to add the host as a host in IPA as the
> kerberos principal is already used.
>
> I suppose there is a LDAP ACL preventing me from doing this?
>
> Can I work around this somehow, having the host account in IPA and using
> kclient to configure Solaris hosts at the same time?
Sigbjorn,
running kadmind in FreeIPA < 2.2 is completely unsupported and there are
ACLs that explicitly prevent it from changing data in LDAP.
I will investigate about those instructions and correct them as
necessary, they appear incorrect.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list