On 07.06.23 14:25, Simo Sorce via FreeIPA-users wrote:
On Wed, 2023-06-07 at 10:36 +0200, Ronald Wimmer via FreeIPA-users
wrote:
On 19.09.17 12:07, Alexander Bokovoy wrote:
On ti, 19 syys 2017, Ronald Wimmer wrote:
On 2017-09-19 11:53, Alexander Bokovoy wrote:
[...]
Please spend some time reading the documentation. It is vast and has a
lot of answers to questions people keep asking on these lists.
I've already spent some time reading the documentation. Since
"ipa-getkeytab" worked I was not aware of the fact that "ipa-getkeytab
-r" would need:
ipa service-allow-retrieve-keytab HTTP/cluster.idm.example.com
--hosts={node01.idm.example.com,node02.idm.example.com}
That's why I gave you these links as you have obviously didn't read
them.
Glad that it works now.
As we ran into this problem again it should be mentioned that restarting
gssproxy.service can be necessary.
In our case Apache was looking for a KVNO 1 whereas the actual file did
already have version number 4.
FWIW, gssapi should pick up new keys in keytabs without the need to
restart.
I had to fetch a new keytab for this particular host as the host was
accidentally deleted in IPA. (would the old keytab file on the server
still have worked after re-adding the host in IPA?)
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
