so the trick is to first login with the random password, it will prompt
to renew it, and with a new password set, you can retrieve a usable keytab.

stijn

> 
> i'm trying to create a keytab for a user via FreeIPA
> 
> user was added via ipa user-add --random; keytab retrieved using
> ipa-getkeytab (using admin credentials)
> 
> klist -k list shows a number of entries for same KVNO
> 
> however, i cannot get any credentials using kinit -kt
> 
> it always returns:
> "kinit: Password has expired while getting initial credentials"
> 
> ipa user-show gives
>>   Account disabled: False
>>   Password: True
> ...
>>   Kerberos keys available: True
> 
> what am i doing wrong?  (i never used the original random password to
> try to get initial credentials for this user; i don't even kept it ;)
> 
> many thanks,
> 
> stijn
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to