On 02/15/2012 09:32 PM, Simo Sorce wrote:
On Wed, 2012-02-15 at 20:49 +0100, Sigbjorn Lie wrote:
Hi,

I see that the documentation for configuring kerberos on Solaris has
changed since the last time I looked.

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10

kclient fails if I pre-create the account in IPA, and attempt to kclient
configure the client. If I don't, it successfully retreives a keytab for
the host, but I'm unable to add the host as a host in IPA as the
kerberos principal is already used.

I suppose there is a LDAP ACL preventing me from doing this?

Can I work around this somehow, having the host account in IPA and using
kclient to configure Solaris hosts at the same time?

Sigbjorn,
running kadmind in FreeIPA<  2.2 is completely unsupported and there are
ACLs that explicitly prevent it from changing data in LDAP.

I will investigate about those instructions and correct them as
necessary, they appear incorrect.

Yes, I was a bit surprised when I noticed this in the documentation given other postings on the list where use of kadmin and kadmin.local is advised to be not supported.

Does something change in 2.2 and upwards to support the use of kadmin ?

Regards,
Siggi



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to