[Freeipa-users] keytab kvno differs between ipa servers

Bjarne Blichfeldt BJB at jndata.dk
Mon Nov 21 12:29:32 UTC 2016


IPA: VERSION: 4.4.0, API_VERSION: 2.213

This may be for lack of understanding the process, but..

When I retrieve a keytab for a principal using ipa-getkeytab, the kvno is increased on the idm.
In our test environment we have two ipa servers running and the kvno is only increased on one of them. After several retrievals, one principal's kvno is now on 5 on ipa1 and 18 on ipa2.

That means the resulting keytab is only usable on one ipa server and results in a "password expired" message from the other ipa server.

How do I synchronize the two Kerberos servers and how do I avoid this?




Regards


Bjarne Blichfeldt

