Nathan Lager wrote:
Hash: SHA1

On 09/19/2012 03:47 PM, Rob Crittenden wrote:
Dmitri Pal wrote:

Rob, keytab and kerberos part seems to be fine, ldap works too.
Can it be one of the certs? May be some cert expired?

No, the error is coming from GSSAPI, it is unfortunately
completely useless. I think we've pretty well narrowed down the
problem to httpd/mod_auth_kerb but I don't know yet if this is a
configuration issue or a bug.

Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?
Sure, as far as I know its completely stock, aside from the krb
password auth change.

Yup, configuration looks fine.

Ok, let's eliminate the ipa tool as the problem and try curl:

Create a file test.json with these contents:


then run this:

curl -H "Content-Type:application/json" -H "Accept:application/json" -H "Accept-Language:en" -H "Referer:"; --negotiate -u : --cacert /etc/ipa/ca.crt -d @test.json -X POST

This does the equivalent of an: ipa user-show admin


Freeipa-users mailing list

Reply via email to