[Freeipa-users] ipa -v ping lies about the cert database
Harald Dunkel
harald.dunkel at aixigo.de
Fri Apr 15 09:42:38 UTC 2016
Hi folks,
If I run "kinit admin; ipa -v ping" as a regular user, then I get
ipa: INFO: trying https://ipa2.example.com/ipa/json
ipa: INFO: Connection to https://ipa2.example.com/ipa/json failed with (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
ipa: INFO: trying https://ipa1.example.com/ipa/json
ipa: INFO: Connection to https://ipa1.example.com/ipa/json failed with (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
ipa: ERROR: cannot connect to 'any of the configured servers': https://ipa2.example.com/ipa/json, https://ipa1.example.com/ipa/json
Using root there is no problem. Obviously this is a Unix
access problem, not an old database.
I would like to avoid running maintenance scripts as root,
if possible. The error message doesn't include any path
information, so I wonder how I can fix the access problem
without opening the system too wide?
Every helpful hint is highly appreciated
Harri
More information about the Freeipa-users
mailing list