IPA: VERSION: 4.4.0, API_VERSION: 2.213

This may be for lack of understanding the process, but..

When I retrieve a keytab for a principal using ipa-getkeytab, the kvno is 
increased on the idm.
In our test environment we have two ipa servers running and the kvno is only 
increased on one of them. After several retrivals, one principals kvno is now 
on 5 on ipa1 and 18 on ipa2.

That means the resulting keytab is only usable on one ipa server and results in 
a "password expired" message from the other ipa server.

How do I synchronize the two Kerberos servers and how do I avoid this?




Regards


Bjarne Blichfeldt


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to