[Freeipa-users] keytab kvno differs between ipa servers
Lukas Slebodnik
lslebodn at redhat.com
Tue Nov 22 09:24:34 UTC 2016
On (21/11/16 13:54), Bjarne Blichfeldt wrote:
>ok Thanks
>
>I will try to debug that. No errors in the logs, the ldapsearch from your link works fine..
>ok work ahead...
>
>Regards
>
>Bjarne Blichfeldt
>
man 1 ipa-getkeytab says:

    WARNING: retrieving the keytab resets the secret for the Kerberos
    principal. This renders all other keytabs for that principal invalid.

and also there is an option:

    -r  Retrieve mode. Retrieve an existing key from the server instead
        of generating a new one. This is incompatible with the --password
        option, and will work only against a FreeIPA server more
        recent than version 3.3. The user requesting the keytab must
        have access to the keys for this operation to succeed.

HTH
LS
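
Added example, not part of the original message and not FreeIPA code: a small Python reader for the MIT keytab file format (version 0x0502) that reports the highest kvno per principal and flags principals whose kvno differs between two keytabs, which is the symptom left behind when a key is regenerated instead of retrieved. The principal name, realm and key bytes are constructed sample values, and `build_keytab` exists only to produce that sample input.

```python
import struct

def build_keytab(entries):
    """Serialize constructed (realm, components, kvno, enctype, key) tuples."""
    out = b"\x05\x02"                                  # keytab format version 2
    for realm, comps, kvno, enctype, key in entries:
        body = struct.pack(">H", len(comps))
        for s in [realm] + comps:
            body += struct.pack(">H", len(s)) + s.encode()
        # name type, timestamp, 8-bit kvno, enctype, key length, key bytes
        body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
        body += struct.pack(">I", kvno)                # trailing 32-bit kvno
        out += struct.pack(">i", len(body)) + body
    return out

def highest_kvno(data):
    """Return {principal: highest kvno} for the live entries; key bytes are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version-2 keytab")
    pos, best = 2, {}
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        p, pos = pos + 4, pos + 4 + abs(size)          # pos now marks the next record
        if size <= 0:                                  # negative size: deleted-entry hole
            continue
        if pos > len(data):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", data, p); p += 2
        names = []
        for _ in range(ncomp + 1):                     # realm first, then components
            (n,) = struct.unpack_from(">H", data, p); p += 2
            names.append(data[p:p + n].decode()); p += n
        p += 8                                         # skip name type and timestamp
        kvno = data[p]; p += 1
        (klen,) = struct.unpack_from(">H", data, p + 2); p += 4 + klen
        if pos - p >= 4:                               # 32-bit kvno wins when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        princ = "/".join(names[1:]) + "@" + names[0]
        best[princ] = max(kvno, best.get(princ, 0))
    return best

def kvno_mismatches(a, b):
    """Map principal -> (kvno in a, kvno in b) wherever the two keytabs disagree."""
    ta, tb = highest_kvno(a), highest_kvno(b)
    return {p: (ta.get(p), tb.get(p)) for p in sorted(set(ta) | set(tb)) if ta.get(p) != tb.get(p)}

# Constructed sample: the same principal before and after its key was regenerated.
PRINC = ("EXAMPLE.TEST", ["host", "client.example.test"])
OLD = build_keytab([(*PRINC, 3, 18, b"\x00" * 32)])
NEW = build_keytab([(*PRINC, 4, 18, b"\x11" * 32)])
```

To compare real files, pass the bytes of each keytab (read in binary mode) to `kvno_mismatches`; the function never returns key material.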