[Freeipa-users] IPA + OpenAFS
Simo Sorce
simo at redhat.com
Wed Jul 11 19:23:33 UTC 2012
On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
> Because the integration of Kerberos in IPA, Kerberos tools can be used
> only in limited
> situations, when creating afs/DOMAIN at REALM with kadmin, I got this
> error:
> add_principal: Kerberos database constraints violated while creating
> "afs/DOMAIN at REALM"
>
Use ipa service-add to add services, never use kadmin.local, it will not
work, we hard-coded failures in the DB driver to prevent users from
doing that as kadmin doesn't know where to put and how to properly fill
up objects.
However you can use kadmin.local on a pre-existing principal to obtain a
new keytab.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list