Hi folks, If I run "kinit admin; ipa -v ping" as a regular user, then I get
ipa: INFO: trying https://ipa2.example.com/ipa/json ipa: INFO: Connection to https://ipa2.example.com/ipa/json failed with (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. ipa: INFO: trying https://ipa1.example.com/ipa/json ipa: INFO: Connection to https://ipa1.example.com/ipa/json failed with (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. ipa: ERROR: cannot connect to 'any of the configured servers': https://ipa2.example.com/ipa/json, https://ipa1.example.com/ipa/json Using root there is no problem. Obviously this is a Unix access problem, not an old database. I would like to avoid running maintenance scripts as root, if possible. The error message doesn't include any path information, so I wonder how I can fix the access problem without opening the system too wide? Every helpful hint is highly appreciated Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
