On 11/11/2011 03:52 PM, Boris Epstein wrote:
Hello all,

I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it from a browser as I get the "Your kerberos ticket is no longer valid." message. So the question is: is there a good guide on how to set up the Kerberos components involved?

You will get this error for numerous reasons. If any of the security mechanisms are not in place, tht is the only error message that will get through.

1.  You need to accept the CA cert
2. You need to accept the server cert...this will be automatic if you have the CA cert. 3. You need to configure your browser and accept the config potions that allow ticket forwarding


All this is done by clicking through the options from the link in the same window as the Kerberos error message you mention.


I'f you've been through all this, then the problem is likely that you do not have Kerberos set up on the machine running the browser, or you do not have a ticket. Assuming the browser is running on the IPA server, running kinit will be sufficient.


If you installed IPA on a machine that has no X server, and you need to run the browser on a remote machine to talk to it, please follow the steps to set up the remote machine as an ipa-client. That will get the Kerberos ticket set up for you.



Thanks.

Boris.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to