On 4.1.2016 10:48, Martin Basti wrote:
>> [root@ipa01 ~]# kinit -k -t /etc/named.keytab DNS/ipa01.example.com
>> <http://ipa01.example.com>
>> [root@ipa01 ~]# klist
>> Ticket cache: KEYRING:persistent:0:krb_ccache_th1WCcV
>> Default principal: DNS/ipa01.example....@example.com
>> <mailto:DNS/ipa01.example....@example.com>
>> Valid starting       Expires              Service principal
>> 12/23/2015 02:07:14  12/24/2015 02:07:14 krbtgt/example....@example.com
>> <mailto:krbtgt/example....@example.com>
> I have disabled unencrypted binds to 389, but I read somewhere this evening
> this should not be an issue since passwords were being sent and the STARTTLS
> is always being used.

Please write down *exact* configuration changes you did.

Generally named-pkcs11 is using GSSAPI and not TLS, so it will not work if you
enforced TLS on all connections.

Petr^2 Spacek

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to