[Freeipa-users] Firefox on OS X 10.6 problem
Stephen Ingram
sbingram at gmail.com
Mon Mar 19 17:10:07 UTC 2012
On Mon, Mar 19, 2012 at 9:31 AM, Maciej Sawicki
<maciej.sawicki at polidea.pl> wrote:
> Hi,
> Today I setup free ipa on CentOS release 6.2. I configured my client
> machine, that is:
> 1. I edited my "/Library/Preferences/edu.mit.Kerberos" file so it has
> following content:
> [domain_realm]
> polidea.pl = POLIDEA.PL
> .polidea.pl = .POLIDEA.PL
> [libdefaults]
> default_realm = POLIDEA.PL
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
> [realms]
> POLIDEA.PL = {
> admin_server = free-ipa.polidea.pl:749
> default_domain = polidea.pl
> kdc = free-ipa.polidea.pl:88
> }
>
> [logging]
> kdc = FILE:/var/log/krb5kdc/kdc.log
> admin_server = FILE:/var/log/krb5kdc/kadmin.log
> I
>
> I run open /System/Library/Coreservices/Ticket\ Viewer.app and added
> admin at POLIDEA.PL identity (i get ticket so password is valid)
>
> also i configured my firefox like in this link:
> http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
>
> Unfortunately when I try to login I get following error:
> "Your kerberos ticket is no longer valid. Please run kinit and then
> click 'Retry'. If this is your first time running the IPA Web UI
> follow these directions to configure your browser."
>
> my /var/log/krb5kdc/kadmin.log has only few old entries (0 today's
> entries from today).
>
> I will appreciate any help.
I just edited /etc/krb5.conf on my mac and then kinit from command
line and you should see ticket in the Ticket Viewer app. From there,
you should be able to renew the ticket inside the app or from command
line. I did not touch the /Library/Preferences/edu.mit.Kerberos file
at all.
Steve
More information about the Freeipa-users
mailing list