[Freeipa-users] keytab for user
Stijn De Weirdt
stijn.deweirdt at ugent.be
Tue Aug 2 12:10:44 UTC 2016
so the trick is to first login with the random password, it will prompt
to renew it, and with a new password set, you can retrieve a usable keytab.
stijn
>
> i'm trying to create a keytab for a user via FreeIPA
>
> user was added via ipa user-add --random; keytab retrieved using
> ipa-getkeytab (using admin credentials)
>
> klist -k list shows a number of entries for same KVNO
>
> however, i cannot get any credentials using kinit -kt
>
> it always returns:
> "kinit: Password has expired while getting initial credentials"
>
> ipa user-show gives
>> Account disabled: False
>> Password: True
> ...
>> Kerberos keys available: True
>
> what am i doing wrong? (i never used the original random password to
> try to get initial credentials for this user; i don't even kept it ;)
>
> many thanks,
>
> stijn
>
More information about the Freeipa-users
mailing list