IPA: VERSION: 4.4.0, API_VERSION: 2.213 This may be for lack of understanding the process, but..
When I retrieve a keytab for a principal using ipa-getkeytab, the kvno is increased on the idm. In our test environment we have two ipa servers running and the kvno is only increased on one of them. After several retrivals, one principals kvno is now on 5 on ipa1 and 18 on ipa2. That means the resulting keytab is only usable on one ipa server and results in a "password expired" message from the other ipa server. How do I synchronize the two Kerberos servers and how do I avoid this? Regards Bjarne Blichfeldt
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project