so the trick is to first log in with the random password, it will prompt to renew it, and with a new password set, you can retrieve a usable keytab.

stijn

> > i'm trying to create a keytab for a user via FreeIPA
> >
> > user was added via ipa user-add --random; keytab retrieved using ipa-getkeytab (using admin credentials)
> >
> > klist -k list shows a number of entries for same KVNO
> >
> > however, i cannot get any credentials using kinit -kt
> >
> > it always returns:
> > "kinit: Password has expired while getting initial credentials"
> >
> > ipa user-show gives
> >> Account disabled: False
> >> Password: True
> > ...
> >> Kerberos keys available: True
> >
> > what am i doing wrong? (i never used the original random password to try to get initial credentials for this user; i don't even kept it ;)
> >
> > many thanks,
> >
> > stijn

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
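
Added example, not part of the original thread: a pre-flight check to run before `kinit -kt`, reporting whether the principal's password expiry is still in the past (the state behind "Password has expired"). It assumes the expiry is read from the `krbPasswordExpiration` line of `ipa user-show LOGIN --all --raw`; that attribute, those options, the function name and the sample values are not from the thread.

```shell
#!/bin/sh
# Reads `ipa user-show LOGIN --all --raw` output on stdin.
# $1 (optional): current UTC time as YYYYMMDDHHMMSS, defaults to now.
# Prints and returns: valid (0), expired (1), unknown (2).
keytab_usable() {
    now=${1:-$(date -u +%Y%m%d%H%M%S)}
    # The value is LDAP generalized time, e.g. 20160301120000Z.
    exp=$(grep -i '^ *krbPasswordExpiration:' \
          | sed 's/^[^:]*: *//; s/[[:space:]]*$//' | head -n 1)
    exp=${exp%Z}
    case "$exp" in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    if [ "${#exp}" -ne 14 ]; then echo unknown; return 2; fi
    # An expiry at or before "now" makes the KDC refuse initial
    # credentials, whether they come from a password or a keytab.
    if [ "$exp" -le "$now" ]; then echo expired; return 1; fi
    echo valid
}

# Constructed sample: a user created with --random whose password
# was never changed, so the expiry equals the creation time.
SAMPLE_RAW='  uid: svcuser
  krbPasswordExpiration: 20160301120000Z
  nsaccountlock: FALSE'

# Order of operations from the thread, with the check in between:
#   1. kinit LOGIN   (random password, then set a new one when prompted)
#   2. ipa user-show LOGIN --all --raw | keytab_usable
#   3. ipa-getkeytab -p LOGIN -k FILE   (only when step 2 says "valid")
printf '%s\n' "$SAMPLE_RAW" | keytab_usable 20160301130000 || true
```
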
