[Freeipa-users] authentication with latest putty fails
Sumit Bose
sbose at redhat.com
Mon Jan 7 09:21:29 UTC 2013
On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
> There was something going on with a firewall blocking something and that
> windows host didn't have a cert yet. But still:
>
> Using Kerberos authentication
> Using principal fh at REALM
> Got host ticket host/test-server-ipa.domain at REALM
> Using username "fh".
> Successful Kerberos connection
> Last login: Mon Jan 7 07:38:19 2013 from ipa-w7.domain
> [fh at test-server-ipa ~]$ klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011)
>
> klist on the host shows all tickets are forwordable and the forwarding
> option in both putty versions is on.
yes, but the other flag is used by Windows to check if the target
service can be trusted, see e.g. the 'How do I use delegation?' section
on http://support.microsoft.com/kb/266080 .
>
> Which version of FreeIPA are you using? There are issues in older
> > version which prevents kadmin.local from working.
> >
>
> The default stable:
>
> [root at auth-ipa ssl_for_ipa-w7]# rpm -qa |grep ipa-
> ipa-client-2.2.0-16.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-admintools-2.2.0-16.el6.x86_64
> ipa-server-selinux-2.2.0-16.el6.x86_64
> ipa-server-2.2.0-16.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-python-2.2.0-16.el6.x86_64
>
I'll set up a server and check why kadmin.local is not working.
bye,
Sumit
More information about the Freeipa-users
mailing list