I have two servers that I have installed the ipa-client on, both of
these servers are configured the same way however one is providing
single sign on, the other is not and instead prompts for a password when
a user logs in

I did verify that DNS is configured correctly for both servers. I issue
kinit prior to logging into either server and verified that I have a
valid ticket for both servers, but the failing server remains unchanged.
 When I look at the krb5kdc.log I see the following for the server that
is prompting for a password:

Mar 08 23:25:53 ipa1.example.net krb5kdc[12320](info): AS_REQ (12 etypes
{18 17 16 23 1 3 2 11 10 15 12 13}) 10.200.3.131: NEEDED_PREAUTH:
dav...@example.net for krbtgt/example....@example.net, Additional
pre-authentication required

Mar 08 23:25:53 ipa1.example.net krb5kdc[12320](info): AS_REQ (12 etypes
{18 17 16 23 1 3 2 11 10 15 12 13}) 10.200.3.131: ISSUE: authtime
1268090753, etypes {rep=18 tkt=18 ses=18}, dav...@example.net for
krbtgt/example....@example.net

Where else should I look to find the root cause of this issue?  What
typically causes this type of symptom?

Thanks in advance.

-- 
David Christensen

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to