On 02/15/2012 09:32 PM, Simo Sorce wrote:
On Wed, 2012-02-15 at 20:49 +0100, Sigbjorn Lie wrote:

I see that the documentation for configuring kerberos on Solaris has
changed since the last time I looked.


kclient fails if I pre-create the account in IPA, and attempt to kclient
configure the client. If I don't, it successfully retreives a keytab for
the host, but I'm unable to add the host as a host in IPA as the
kerberos principal is already used.

I suppose there is a LDAP ACL preventing me from doing this?

Can I work around this somehow, having the host account in IPA and using
kclient to configure Solaris hosts at the same time?

running kadmind in FreeIPA<  2.2 is completely unsupported and there are
ACLs that explicitly prevent it from changing data in LDAP.

I will investigate about those instructions and correct them as
necessary, they appear incorrect.

Yes, I was a bit surprised when I noticed this in the documentation given other postings on the list where use of kadmin and kadmin.local is advised to be not supported.

Does something change in 2.2 and upwards to support the use of kadmin ?


Freeipa-users mailing list

Reply via email to