Hi folks,

If I run "kinit admin; ipa -v ping" as a regular user, then I get

ipa: INFO: trying https://ipa2.example.com/ipa/json
ipa: INFO: Connection to https://ipa2.example.com/ipa/json failed with 
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, 
unsupported format.
ipa: INFO: trying https://ipa1.example.com/ipa/json
ipa: INFO: Connection to https://ipa1.example.com/ipa/json failed with 
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, 
unsupported format.
ipa: ERROR: cannot connect to 'any of the configured servers': 
https://ipa2.example.com/ipa/json, https://ipa1.example.com/ipa/json

Using root there is no problem. Obviously this is a Unix
access problem, not an old database.

I would like to avoid running maintenance scripts as root,
if possible. The error message doesn't include any path
information, so I wonder how I can fix the access problem
without opening the system too wide?


Every helpful hint is highly appreciated
Harri

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to