[Freeipa-users] Trouble with new installation
Simo Sorce
ssorce at redhat.com
Mon Jun 8 13:05:02 UTC 2009
On Thu, 2009-06-04 at 14:31 -0700, Dumbo Q wrote:
> "Except that I didn't tell you to start kadmin, I was worried you
> did :-/"
>
> Doh! I was so excited I damn near skipped through the hallway. Back to
> the drawing board :)
>
> So I believe i will need to do something like
> ipa-getkeytab -s auth01.mydom.com -p <kpasswd/auth01.. ?? > -k ???
the principal is kadmin/changepw at REALM (IIRC :-)
> I'm just sure what exactly i broke.
by changing the secret you made kpasswd.keytab
(under /var/kerberos/krb5kdc/ obsolete as it has not been updated).
This means that ipa-kpasswd will not be able to perform password
changes, as it doesn't have valid credentials to connect to the ldap
service.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list