On Mon, 06 Dec 2010 18:31:37 +0100
Thomas Sailer <sai...@sailer.dynip.lugs.ch> wrote:

> On Mon, 2010-12-06 at 10:55 -0500, Simo Sorce wrote:
> Hi Simo,
> thanks for your response!
> > We are seeing an issue with F14 DS where it has been built against
> > opneldap libraries while we still have plugins built against
> > mozldap.
> Where would that help?
> just for the ipa-getkeytab reliability issue?

Yes, that is probably a side effect of the problem we're solving.

> Because after the kerberos keys are in the client's keytab, how is
> ldap even involved in the nfs issues?

Keys are stored in ldap and asn.1 encoding is generated using ldap
libraries before storing it.
If that operation fails it may generate malformed entries that the KDC
later can't properly decode.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to