On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
> Because the integration of Kerberos in IPA, Kerberos tools can be used
> only in limited
> situations, when creating afs/DOMAIN@REALM with kadmin, I got this
> error:
> add_principal: Kerberos database constraints violated while creating
> "afs/DOMAIN@REALM"
> 
Use ipa service-add to add services, never use kadmin.local, it will not
work, we hard-coded failures in the DB driver to prevent users from
doing that as kadmin doesn't know where to put and how to properly fill
up objects.

However you can use kadmin.local on a pre-existing principal to obtain a
new keytab.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to