Am Tue, Feb 22, 2022 at 07:42:18AM +0100 schrieb Michael Schwartzkopff via
FreeIPA-users:
> On 22.02.22 00:08, Angus Clarke wrote:
> > I was meant to have attached the script sorry!
> >
> > Attached now.
> >
> > Hope it helps
> > Angus
> > ________________________________
> > From: Michael Schwartzkopff<[email protected]>
> > Sent: 21 February 2022 23:39
> > To: Angus Clarke<[email protected]>
> > Subject: Re: [Freeipa-users] Re: FreeIPA, kinit with OTP
> >
> > On 21.02.22 21:34, Angus Clarke wrote:
> >
> > Hi Michael
> >
> > I wrote this a long time back and we use it extensively. It mentions:
> >
> > # requires krb5-pkinit (not installed on ipa client by default)
> >
> > Otherwise something else is amiss I suppose.
> >
> > Regards
> > Angus
> >
> >
> >
> > after installation of the packet I can do a kinit -n and get the ANONYMOUS
> > ticket.
> >
> >
> > But when I do a kinit with my user name I get:
> >
> > $ kinit username
> > kinit: Pre-authentication failed: Invalid argument while getting initial
> > credentials
> >
> >
> >
> >
> > Mit freundlichen Grüßen,
> >
> > --
> >
> > [*] sys4 AG
> >
> > https://sys4.de<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsys4.de%2F&data=04%7C01%7C%7Ce26d60a118df4bd6d88f08d9f58b1456%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637810799958978186%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=iRNzg3kkw6KOTBxNr%2BbtX6vxMWyx0Xy9wJ5qHhwk7ZQ%3D&reserved=0>,
> > +49 (89) 30 90 46 64
> > Schleißheimer Straße 26/MG,80333 München
> >
> > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> > Aufsichtsratsvorsitzender: Florian Kirstein
> >
>
> following the steps of the script I get one step further.
>
> but still
>
> $ kinit -T KCM:1286400012 username
> Enter OTP Token Value:
Hi,
please note that the prompt might be misleading, it is expected that you
enter your long-term password and the OTP Token Value in a single
string.
> kinit: Preauthentication failed while getting initial credentials
>
> Are the any log files to check the auth process?
You can check /var/log/krb5kdc.log for the KDC part and
journalctl -u ipa-otpd@*
for the helper daemon which should verify your input.
bye,
Sumit
>
>
>
> Mit freundlichen Grüßen,
>
> --
>
> [*] sys4 AG
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
