[Freeipa-users] kinit admin not working anymore (LOCKED_OUT: Clients credentials have been revoked)
Torsten Harenberg
harenberg at physik.uni-wuppertal.de
Fri Sep 4 06:57:12 UTC 2015
Janelle,
Am 03.09.15 um 21:38 schrieb Janelle:
> As soon as I get another failed replica in this state (about once every
> 2-3 weeks) I will post the logs and open a ticket. On one server, I
> simply did a reboot, and when it came back, the keytab was wrong and the
> replica now claimed that it was no longer a member of the replica list.
> Let me get more information and logs to open a ticket.
May I ask you to post a link to the ticket here once it's open? I am
really intereted to follow this issue.
Besides only two people having the password here, we have a two-factor
authentication on ssh, so there shouldn't be login failures via ssh to
valid accounts. I posted my "ipa user-show" output earlier.
But we run IPA to authenticate users to a compute cluster of about 3000
job slots, so there are in fact a lot of ssh connections to be handled.
And if a flood of jobs is started more or less at the same time, these
ssh connections will spread out in parallel. So that could match what
Rob was saying.
Hope we can find out at the end what is really causing this..
Best regards
Torsten
--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Dr. Torsten Harenberg harenberg at physik.uni-wuppertal.de <>
<> Bergische Universitaet <>
<> FB C - Physik Tel.: +49 (0)202 439-3521 <>
<> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
<> 42097 Wuppertal <>
<> <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
More information about the Freeipa-users
mailing list