[Freeipa-users] IPA certificates expired, please help!
Linov Suresh
linov.suresh at gmail.com
Fri Jul 22 14:48:25 UTC 2016
I agree with you Jakub, I will start separate thread for separate
issues.
On Fri, Jul 22, 2016 at 10:31 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Fri, Jul 22, 2016 at 09:36:27AM -0400, Linov Suresh wrote:
> > I'm facing another issue now, my kerberos tickets are not renewing,
>
> In general I think it's better to start separate threads about separate
> issues. That way people who only scan the subject lines can see if this
> thread is something they can help with :)
>
> >
> > *[root at caer ~]# ipa cert-show 1*
> > ipa: ERROR: Ticket expired
> >
> > *[root at caer ~]# klist*
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: admin at TELOIP.NET
> >
> > Valid starting Expires Service principal
> > 07/20/16 14:42:26 07/21/16 14:42:22 krbtgt/TELOIP.NET at TELOIP.NET
> > 07/20/16 14:42:36 07/21/16 14:42:22 HTTP/caer.teloip.net at TELOIP.NET
> > 07/21/16 11:40:15 07/21/16 14:42:22 ldap/caer.teloip.net at TELOIP.NET
> >
> > I need to manually renew the tickets every day,
> >
> > *[root at caer ~]# kinit admin*
> > Password for admin at TELOIP.NET:
> > Warning: Your password will expire in 6 days on Thu Jul 28 15:20:15 2016
> >
> > *[root at caer ~]# klist *
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: admin at TELOIP.NET
> >
> > Valid starting Expires Service principal
> > 07/22/16 09:34:52 07/23/16 09:34:49 krbtgt/TELOIP.NET at TELOIP.NET
>
> The first thing to keep in mind is that SSSD only renews tickets it
> 'knows about', so tickets that were acquired through SSSD, not directly
> with kinit.
>
> For options about renewing SSSD-acquired tickets, see man sssd-krb5 and
> search for renew.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160722/eab10e84/attachment.htm>
More information about the Freeipa-users
mailing list