[Freeipa-users] kinit admin not working anymore (LOCKED_OUT: Clients credentials have been revoked)

Torsten Harenberg harenberg at physik.uni-wuppertal.de
Thu Sep 3 09:19:08 UTC 2015 

Sorry for self-replying, I was able to solve it by using the 2nd IPA server:

[root at ipa2 ~]# kinit admin
Password for admin at PLEIADES.UNI-WUPPERTAL.DE:
[root at ipa2 ~]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
  Server: ipa.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090808Z
  Time now: 2015-09-03T09:09:47Z

  Server: ipa2.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090851Z
  Time now: 2015-09-03T09:09:47Z
-------------------------------------
Anzahl der zurückgegebenen Einträge 2
-------------------------------------
[root at ipa2 ~]# ipa user-unlock admin
-----------------------------
Konto »admin« wurde entsperrt
-----------------------------
[root at ipa2 ~]#


and now it works again on the primary:

[root at ipa ~]# kinit  admin
Password for admin at PLEIADES.UNI-WUPPERTAL.DE:
[root at ipa ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin at PLEIADES.UNI-WUPPERTAL.DE

Valid starting       Expires              Service principal
03.09.2015 11:11:07  04.09.2015 11:11:04
krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE
[root at ipa ~]#


(Sorry for the german messages, my working machine is set to german).


Is there any to find out why the admin user was unlocked on the primary
machine? And would it be also possible to unlock the "admin" user with
one of the accounts inside the "admins" group? I am a bit afraid that we
will lock out ourselves next time that happens.

Thanks

 Torsten



-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

More information about the Freeipa-users mailing list