Ronald Wimmer via FreeIPA-users wrote:
> On 07.06.23 14:25, Simo Sorce via FreeIPA-users wrote:
>> On Wed, 2023-06-07 at 10:36 +0200, Ronald Wimmer via FreeIPA-users wrote:
>>> On 19.09.17 12:07, Alexander Bokovoy wrote:
>>>> On Tue, 19 Sep 2017, Ronald Wimmer wrote:
>>>>> On 2017-09-19 11:53, Alexander Bokovoy wrote:
>>>>>> [...]
>>>>>> Please spend some time reading the documentation. It is vast and has a
>>>>>> lot of answers to questions people keep asking on these lists.
>>>>>
>>>>> I've already spent some time reading the documentation. Since
>>>>> "ipa-getkeytab" worked I was not aware of the fact that "ipa-getkeytab
>>>>> -r" would need:
>>>>>
>>>>> ipa service-allow-retrieve-keytab HTTP/cluster.idm.example.com
>>>>> --hosts={node01.idm.example.com,node02.idm.example.com}
>>>> That's why I gave you these links as you obviously didn't read
>>>> them.
>>>>
>>>> Glad that it works now.
>>>
>>> As we ran into this problem again it should be mentioned that restarting
>>> gssproxy.service can be necessary.
>>>
>>> In our case Apache was looking for a KVNO 1 whereas the actual file did
>>> already have version number 4.
>>
>>
>> FWIW, gssapi should pick up new keys in keytabs without the need to
>> restart.
> 
> I had to fetch a new keytab for this particular host as the host was
> accidentally deleted in IPA. (would the old keytab file on the server
> still have worked after re-adding the host in IPA?)

The old keytab would not work. A keytab contains a secret. That is used
to authenticate. If the value doesn't exist on the server, auth fails.

rob