[Freeipa-users] Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library
Alan Latteri
alan at instinctualsoftware.com
Tue Jan 3 21:44:27 UTC 2017
Thanks Rob.
/etc/krb5.conf.d/ was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine. So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?
Alan
> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Alan Latteri wrote:
>> Log is attached.
>
> Look and see if /etc/krb5.conf.d/ and
> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
> filesystem perms are an issue but who knows.
>
> You can also brute force things using strace -f to find out exactly what
> can't be read.
>
> rob
>
More information about the Freeipa-users
mailing list