On Thu, Aug 24, 2017 at 09:51:51AM -0500, Kat via FreeIPA-users wrote: > Hi all, > > Has anyone seen this before: > > 1. User created, and being used for logins, no issues. Works just fine. > > 2. At one point, keytab file is retrieved via getkeytab, which also works. > > 3. After the keytab is retrieved, the password no longer seems to work??? > > Weirdness - am I missing something here? This can be repeated with any user > set to retrieve their keytab.
see man ipa-getkeytab "WARNING: retrieving the keytab resets the secret for the Kerberos principal. This renders all other keytabs for that principal invalid." This means by default ipa-getkeytab will override the current secret/password with a random one which will be added to the keytab as well. In your case you might want to have a look at the -r or -p option of ipa-getkeytab. HTH bye, Sumit > > -K > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
