[Freeipa-users] GSSAPI Failure
Simo Sorce
ssorce at redhat.com
Thu Nov 13 13:17:52 UTC 2008
On Thu, 2008-11-13 at 10:25 +0300, Konstantin Kozlov wrote:
> I did not from the beginning but when I did and restarted krb5kdc and
> dirsrv nothing changed. My krb5.conf contains forwardable = no in two
> places - libdefaults and appdefaults. Is that correct?
No, without forwardable tickets you cannot successfully use the IPA Web
UI or the CLI tools, they rely on the fact that the XML-RPC interface
can use your forwarded ticket to contact the ldap server.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list