Jeremy Tourville via FreeIPA-users wrote: > I have noted that klist and kvno don't match for the keytab I fetched > earlier. Could this cause issues with named or are those two separate > issues? How do I get them to match? > > [root@gsil-ipa01 data]# klist -ek /etc/krb5.keytab > Keytab name: FILE:/etc/krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 5 host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil (aes256-cts-hmac-sha384-192) > 5 host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil (aes128-cts-hmac-sha256-128) > 5 host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil (aes256-cts-hmac-sha1-96) > 5 host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil (aes128-cts-hmac-sha1-96) > > [root@gsil-ipa01 data]# kvno host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil > host/gsil-ipa01.idm.gsil.s...@idm.gsil.smil: kvno = 2
Yes, it is basically: the passwords don't match. In a previous e-mail healthcehck reported that replication wasn't working, that might account for it. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue