Apologies for hijacking the thread but you reminded me of a longstanding
issue - I can't manually use kinit on my client nodes. As I operate a jump
server that means I get a ticket on first login but when i login to other
client systems the ticket gives me entry but doesn't follow me. When I try
to run kinit for my user the following message is printed:
$ kinit callum
kinit: Generic preauthentication failure while getting initial credentials
Not a single local log entry is generated. Any ideas?
On Fri, Jul 14, 2017 at 7:22 AM Jakub Hrozek via FreeIPA-users <
> On Fri, Jul 14, 2017 at 02:02:03AM -0000, patrick.mchale--- via
> FreeIPA-users wrote:
> > Hi,
> > I am getting an error logging into a FreeIPA server from a new FreeIPA
> client. I have reset the password for the user using "kinit admin" but
> still no joy. Is there another password that is needing to be set?.
> > Jul 14 13:53:41 ipa-client [sssd[krb5_child]]: Password has expired
> > Jul 14 13:53:41 ipa-client [sssd[krb5_child]]: Decrypt integrity
> check failed
> > Jul 14 13:54:40 ipa-client [sssd[krb5_child]]: Password has expired
> > Jul 14 13:54:40 ipa-client [sssd[krb5_child]]: Decrypt integrity
> check failed
> sssd should have prompted you for the new password.. The "Decrypt
> integrity check failed" sounds like the wrong password was entered,
> does kinit $user work?
> FreeIPA-users mailing list -- email@example.com
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Head of Information Security
*0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | **
X-on is a trading name of Storacall Technology Ltd a limited company
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the
addressee(s) only. If you are not the intended recipient, please notify
X-on immediately on +44(0)333 332 0000 and delete the
message from your computer. If you are not a named addressee you must not
use, disclose, disseminate, distribute, copy, print or reply to this email.
or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its
associated companies. Although X-on routinely screens for viruses,
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the absence of
viruses in this email or any attachments.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org