Nathan Lager wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On 09/19/2012 03:47 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
Rob, keytab and kerberos part seems to be fine, ldap works too.
Can it be one of the certs? May be some cert expired?
No, the error is coming from GSSAPI, it is unfortunately
completely useless. I think we've pretty well narrowed down the
problem to httpd/mod_auth_kerb but I don't know yet if this is a
configuration issue or a bug.
Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?
Sure, as far as I know its completely stock, aside from the krb
password auth change.
Yup, configuration looks fine.
Ok, let's eliminate the ipa tool as the problem and try curl:
Create a file test.json with these contents:
then run this:
curl -H "Content-Type:application/json" -H "Accept:application/json" -H
"Accept-Language:en" -H "Referer:
https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert
/etc/ipa/ca.crt -d @test.json -X POST
This does the equivalent of an: ipa user-show admin
Freeipa-users mailing list