[Freeipa-users] Admin cannot retrieve keytab -- is that expected?
Jan Pazdziora
jpazdziora at redhat.com
Mon Apr 17 10:35:38 UTC 2017
Hello,
on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
new keytab for a service but they cannot retrieve the existing keys
with the -r option. Is that expected?
# kdestroy -A
# kinit admin
Password for admin at EXAMPLE.TEST:
# ipa host-add test1.example.test --force
-------------------------------
Added host "test1.example.test"
-------------------------------
Host name: test1.example.test
Principal name: host/test1.example.test at EXAMPLE.TEST
Principal alias: host/test1.example.test at EXAMPLE.TEST
Password: False
Keytab: False
Managed by: test1.example.test
# ipa service-add HTTP/test1.example.test --force
----------------------------------------------------
Added service "HTTP/test1.example.test at EXAMPLE.TEST"
----------------------------------------------------
Principal name: HTTP/test1.example.test at EXAMPLE.TEST
Principal alias: HTTP/test1.example.test at EXAMPLE.TEST
Managed by: test1.example.test
# ipa-getkeytab -p HTTP/test1.example.test -k /tmp/http.keytab
Keytab successfully retrieved and stored in: /tmp/http.keytab
# ipa-getkeytab -r -p HTTP/test1.example.test -k /tmp/http.keytab.1
Failed to parse result: Insufficient access rights
Failed to get keytab
#
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list