Hi! I am trying to get a kerberos realm to trust the ipa realm. I'm running ipa-server-4.6.6-11.el7 on a CentOS 7. It uses realm IPA.EXAMPLE.COM.
I have another KDC on another CentOS 7 which has another realm KRB.EXAMPLE.COM with a legacy service connected. Now I would like all users of my IPA realm to use that legacy service. Thus I need the KRB realm to trust the IPA realm. I don't need the IPA realm to trust the KRB realm. For the KRB KDC I have no problem adding the necessary krbtgt/krb.example....@ipa.example.com principal with a password. However, everything I find about adding it to the IPA Kerberos involves kadmin.local which seems not to be supported anymore: kadmin.local: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No such file or directory while initializing kadmin.local interface How do I add this principal correctly to my IPA kerberos? Is it possible? Thx. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org