Simo Sorce wrote:
On Mon, 2012-02-13 at 10:39 +1100, Craig T wrote:
Hi,

Server:
RHEL6.2


Spec:
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
ipa-server-selinux-2.1.3-9.el6.x86_64
libipa_hbac-1.5.1-66.el6_2.3.x86_64
libipa_hbac-python-1.5.1-66.el6_2.3.x86_64
python-iniparse-0.3.1-2.1.el6.noarch


Error:
I had this working on Friday night, came in Monday and then this error appeared?

kinit -V craig
Using default cache: /tmp/krb5cc_0
Using principal: cr...@example.com
kinit: Generic error (see e-text) while getting initial credentials

Server Side Error:  (File: /var/log/krb5kdc.log)
Feb 13 10:36:04 sysvm-ipa krb5kdc[5590](info): AS_REQ (4 etypes {18 17 16 23}) 
192.168.0.214: LOOKING_UP_CLIENT: cr...@example.com for 
krbtgt/example....@example.com, unable to decode stored principal key data 
(ASN.1 encoding ended unexpectedly)


Usual Questions:
Should I simply reset the password?

It seems like the only option to quickly recover access to your user.

Is it a bug?

It may be. Did you do anything special with this user? Did this happen
immediately after a password change? Or immediately after a FreeIPA or
krb5kdc upgrade?
Can you give a little more context around this?

Also could you ldapsearch this user entry before you change your
password using 'cn=Directory Manager' as user in order to retrieve the
key attribute and send the ldif to me in private? I want to see if the
key blob at least looks normal (do not worry about your password, the
key material is itself encrypted).

It might also be handy to see who last updated this entry before you reset the password (if it isn't too late): modifyTimestamp lastModifiedBy


Anyone else seen this error?

Haven't seen any report, and it hasn't ever occurred in my testing.

Simo,


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
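
Added example, not part of the thread and not FreeIPA or MIT Kerberos code: a structural check for whether a key blob "looks normal", run on the base64 value of the key attribute copied from an LDIF. It walks the DER tag/length/value headers and reports where a declared length runs past the available bytes, the kind of truncation the KDC message "ASN.1 encoding ended unexpectedly" suggests. The sample bytes are constructed, and the code assumes the value is DER with single-byte tags.

```python
import base64

def parse_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > end:
        raise ValueError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"multi-byte tag at offset {pos} is not handled")
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError(f"bad or truncated length at offset {pos}")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError(
            f"value at offset {pos} needs {length} bytes, {end - pos} available")
    return tag, pos, pos + length

def walk(buf, start, end, depth=0, out=None):
    """Descend into constructed elements; collect (depth, tag, length)."""
    out = [] if out is None else out
    pos = start
    while pos < end:
        tag, vs, ve = parse_tlv(buf, pos, end)
        out.append((depth, tag, ve - vs))
        if tag & 0x20:                    # constructed bit: children inside
            walk(buf, vs, ve, depth + 1, out)
        pos = ve
    return out

def check_blob(b64_value):
    """Return (True, elements) if every length is consistent, else (False, reason)."""
    try:
        buf = base64.b64decode(b64_value)
        _, _, top_end = parse_tlv(buf, 0, len(buf))
        if top_end != len(buf):
            return False, f"{len(buf) - top_end} trailing bytes after outer element"
        return True, walk(buf, 0, len(buf))
    except ValueError as exc:
        return False, str(exc)

# Constructed sample, not a real key: SEQUENCE { [0]{INTEGER}, [1]{SEQUENCE{INTEGER, OCTET STRING}} }
GOOD = bytes.fromhex("3012 a003020101 a10b 3009 020112 0404deadbeef")
SAMPLE = base64.b64encode(GOOD).decode()
TRUNCATED = base64.b64encode(GOOD[:-3]).decode()   # same blob with its tail cut off

if __name__ == "__main__":
    print(check_blob(SAMPLE))
    print(check_blob(TRUNCATED))
```
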
