[Freeipa-users] Failed upgrade to 4.2 via RHEL 7.2
Petr Spacek
pspacek at redhat.com
Mon Jan 4 13:06:21 UTC 2016
On 4.1.2016 10:48, Martin Basti wrote:
>
>> [root at ipa01 ~]# kinit -k -t /etc/named.keytab DNS/ipa01.example.com
>> <http://ipa01.example.com>
>> [root at ipa01 ~]# klist
>> Ticket cache: KEYRING:persistent:0:krb_ccache_th1WCcV
>> Default principal: DNS/ipa01.example.com at EXAMPLE.COM
>> <mailto:DNS/ipa01.example.com at example.com>
>>
>> Valid starting Expires Service principal
>> 12/23/2015 02:07:14 12/24/2015 02:07:14 krbtgt/EXAMPLE.COM at EXAMPLE.COM
>> <mailto:krbtgt/EXAMPLE.COM at example.com>
>
> I have disabled unencrypted binds to 389, but I read somewhere this evening
> this should not be an issue since passwords were being sent and the STARTTLS
> is always being used.
Please write down *exact* configuration changes you did.
Generally named-pkcs11 is using GSSAPI and not TLS, so it will not work if you
enforced TLS on all connections.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list