> I tried https://localhost:443
> and I get a "Kerberos Authentication failed".....there is no workable 
> documentation / indication on how to fix this....


In short, you need to configure your browser to do kerberos 
authentication, trust the IPA root CA and you need a kerberos ticket in 
order to connect.


I did this however it keeps coming up with the same msg.

Also there is no instruction to tell me how to get the kerberos ticket 

> ===============
>     "Kerberos Authentication Failed
> Unable to verify your Kerberos credentials. Please make sure that you 
> have valid Kerberos tickets (obtainable via kinit), and that you have 
> configured your browser correctly 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you 
> are still unable to access the IPA Web interface, please contact the 
> helpdesk on for additional assistance.
> Import the IPA Certificate Authority 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.
> You can automatically configure your browser to work with Kerberos by 
> importing the Certificate Authority above and clicking on the Configure 
> Browser button.
> You *must* reload this page after importing the Certificate Authority 
> for the automatic settings to work
> =============
> So I run kinit as a local user and get told....
> "kinit: Client not found in Kerberos database while getting initial 
> credentials"

>Did you add your user as a user in IPA? You can always try getting a 
>ticket as the admin user for testing (kinit admin).

No, the documentation didnt tell me to, or how....so this part of the "testing" 
needs to include suitable cli commands / instructions to allow a proper test. 
This should be a sequence all in order of all the steps needed and not dig your 
way through a 500 page manual and guess...

Really I guess someone wants to write a quick start or evaluation guide. Its 
interesting when you watch the youtube on freeipa and they talk about not 
having to be an expert in every single aspect, yet that's exactly what we end 
up with here, again.

I have run kinit as admin and that seems fine, however the I have not been able 
to figure out how to use the admin's kerberos ticket I assume its /tmp/krb5cc_0 
(which is owned by root) in a user's webrowser...Fedora 12 prevents root 
logging in under a gui which is silly...and I have not been able to find how to 
allow that yet.

Also I cant login as the admin user as I got told that the admin account 
already exists when I try a "adduser admin"....yet does not exist in 
/etc/passwd, group or shadow....

So what do I do with this ticket? simply change its permissions to  that of the 
local user?  hack a file somewhere to point to it?



Freeipa-users mailing list

Reply via email to