Thanks for that .. using that switch the principle is now created on to
see it it works as expected ..
On 11/28/2013 09:10 AM, Simo Sorce wrote:
On Thu, 2013-11-28 at 08:29 +1000, Matt Bryant wrote:
Have added the following into bugzilla ..
Bug 1035494 has been added to the database
seems strange but whilst listprincs/getprinc works getpols and the
addprinc (at least in this use case) doesnt...
addprinc not working for normal user principals is expected, we block it
to prevent the creation of incomplete user accounts.
I think getpols is also expected to fail as we use IPA specific
However it should allow you to create krbtgt/OLD-REALM@IPA-REALM to set
up trusts until we provide an explicit command for it. This is why I
wanted you to open a bug on that.
kadmin.local: add_principal -pw XXXXXXX krbtgt/OLD-REALM@IPA-REALM
WARNING: no policy specified for krbtgt/OLD-REALM@IPA-REALM;
defaulting to no policy
add_principal: Invalid argument while creating
Now that I think of it, there is an undocumented switch that will allow
you to create an arbitrary principal. This switch should NEVER be used
to create user principals or normal host principals, however it should
allow you to workaround the issue until we can fix the kadmin interface.
Use kadmin.local -x ipa-setup-override-restrictions
But please use it exclusively to create the krbtgt/REALM1@REALM2
principals and nothing else.
Freeipa-users mailing list