On Wed, 22 May 2024, Rob Crittenden via FreeIPA-users wrote:
Dmitry Krasov via FreeIPA-users wrote:
Hi Florence.
As far as I understand, it's all because the keytab file becomes bad after some 
time.

1. Why is it so?
2. I know how to fix the file manually, but how can I check in a script "if the file 
becomes bad"?

What makes you think the keytab is bad?

A simple way to validate a keytab is to compare the version number to
the one the KDC has.

$ kinit admin
$ kvno host/<client host name>

# klist -kt /etc/krb5.keytab

Compare the version numbers. It's ok for the keytab to have multiple
versions but one has to match what the KDC version number is.

It would also help to see SSSD logs that show how nsupdate runs and what
fails there. Or why is it not running. SSSD will tell some details in
the logs if you enable debug level 9.



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
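
The version comparison described in the thread, written as shell functions a script could call. This is an added example, not part of the original messages: the principal, realm and sample output are constructed, and the parsing assumes `kvno` prints `<principal>: kvno = N` and `klist -kt` puts the KVNO in the first column and the principal in the last.

```shell
#!/bin/sh
# Added example: compare the KDC's key version with the versions stored in a keytab.

# Principal and version from kvno output, assumed to look like "<principal>: kvno = N".
kdc_principal() { printf '%s\n' "$1" | sed -n 's/^\(.*\): kvno = [0-9][0-9]*$/\1/p' | head -n 1; }
kdc_kvno()      { printf '%s\n' "$1" | sed -n 's/^.*: kvno = \([0-9][0-9]*\)$/\1/p' | head -n 1; }

# KVNOs that `klist -kt` output ($1) lists for principal $2, de-duplicated.
# Header lines are skipped because their first field is not a number.
keytab_kvnos() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 ~ /^[0-9]+$/ && $NF == p { print $1 }' | sort -un
}

# 0: keytab holds the KDC's current version; 1: it does not; 2: kvno output not understood.
keytab_matches() {
    want=$(kdc_kvno "$1")
    princ=$(kdc_principal "$1")
    if [ -z "$want" ] || [ -z "$princ" ]; then return 2; fi
    for have in $(keytab_kvnos "$2" "$princ"); do
        if [ "$have" -eq "$want" ]; then return 0; fi
    done
    return 1
}

# Live check for a script; needs a valid ticket cache, as after `kinit` in the message.
check_keytab() {
    kdc_out=$(kvno "$1") || return 2
    kt_out=$(klist -kt "${2:-/etc/krb5.keytab}") || return 2
    keytab_matches "$kdc_out" "$kt_out"
}

# Constructed sample output (not taken from a real host).
SAMPLE_PRINC='host/client.example.test@EXAMPLE.TEST'
SAMPLE_KVNO_OUT="${SAMPLE_PRINC}: kvno = 3"
SAMPLE_KLIST_OK="Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------------
   2 05/20/2024 09:00:00 ${SAMPLE_PRINC}
   3 05/22/2024 09:00:00 ${SAMPLE_PRINC}
   3 05/22/2024 09:00:00 ${SAMPLE_PRINC}"
SAMPLE_KLIST_STALE="Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------------
   2 05/20/2024 09:00:00 ${SAMPLE_PRINC}"

# Demo on the constructed samples.
if keytab_matches "$SAMPLE_KVNO_OUT" "$SAMPLE_KLIST_OK"; then echo "ok keytab: match"; fi
if ! keytab_matches "$SAMPLE_KVNO_OUT" "$SAMPLE_KLIST_STALE"; then echo "stale keytab: no match"; fi
```

On a real host, `check_keytab 'host/<client host name>'` returns 0 when one of the keytab's versions matches the KDC, 1 when none does, and 2 when `kvno` or `klist` itself fails.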